CVE-2017-16137

Published: Jun 7, 2018

Modified: Sep 16, 2024

PUBLISHED

Description

The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue.

Vendor	Product	Versions
HackerOne	debug node module	affected `<= 2.6.8 \|\| >= 3.0.0 <= 3.0.1`

Weaknesses (CWE)

CWE-400

References

https://github.com/visionmedia/debug/pull/504

x_refsource_MISC

https://github.com/visionmedia/debug/issues/501

x_refsource_MISC

https://nodesecurity.io/advisories/534

x_refsource_MISC

[netbeans-commits] 20200429 [jira] [Created] (NETBEANS-4280) cleanup potential security breaches

mailing-list

x_refsource_MLIST

[netbeans-notifications] 20200429 [GitHub] [netbeans] BradWalker opened a new pull request #2110: [NETBEANS-4280] - cleanup potential security breaches

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-16137

Description

Affected Products

Weaknesses (CWE)

References