itsKedar / TodoList_mern

CX: Cx8bc4df28-fcf5 in Npm-debug and 3.2.7 @ TodoList_mern.main #7

Open itsKedar opened 2 years ago

itsKedar commented 2 years ago

Description

In NPM debug, the enable function accepts a regular expression from user input without escaping it. Arbitrary regular expressions could be injected to cause a Denial of Service attack on the user's browser, otherwise known as a ReDoS (Regular Expression Denial of Service). This is a different issue than CVE-2017-16137.

HIGH Vulnerable Package issue exists @ debug in branch main

Vulnerability ID: Cx8bc4df28-fcf5

Package Name: debug

Severity: HIGH

CVSS Score: 7.5

Publish Date: 2020-12-10T17:14:00

Current Package Version: 3.2.7

Remediation Upgrade Recommendation:

itsKedar commented 2 years ago

Issue still exists.

itsKedar commented 2 years ago

Issue still exists.

itsKedar commented 2 years ago

Issue still exists.