dsibilly
commented
6 years ago This issue remains unresolved. debug@2.6.9 is the most current update of v2 of the debug module that is patched against this attack.
Open AxeOfMen opened 6 years ago
dsibilly
commented
6 years ago This issue remains unresolved. debug@2.6.9 is the most current update of v2 of the debug module that is patched against this attack.
The version of the
debugdependency used is vulnerable to a denial of service attack. See https://nodesecurity.io/advisories/534