satyamchaurasiapersistent / JavaVulnerableLab


CX: Cx8bc4df28-fcf5 in Npm-debug and 2.6.9 @ JavaVulnerableLab.master #168

Open satyamchaurasiapersistent opened 1 year ago

satyamchaurasiapersistent commented 1 year ago

Description

In NPM debug, the enable function accepts a regular expression from user input without escaping it. Arbitrary regular expressions could be injected to cause a Denial of Service attack on the user's browser, otherwise known as a ReDoS (Regular Expression Denial of Service). This is a different issue than CVE-2017-16137.

HIGH Vulnerable Package issue exists @ debug in branch master

Vulnerability ID: Cx8bc4df28-fcf5

Package Name: debug

Severity: HIGH

CVSS Score: 7.5

Publish Date: 2020-12-10T17:14:00

Current Package Version: 2.6.9

Remediation Upgrade Recommendation:

Link To SCA

Reference – NVD link