Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Regular expression denial of service #62

Closed
zazoomauro opened this issue Feb 19, 2018 · 0 comments
Closed

Regular expression denial of service #62

zazoomauro opened this issue Feb 19, 2018 · 0 comments
Labels
security
Milestone
2.0

Comments

@zazoomauro
Copy link
Owner

The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue.

Affected versions: All versions
Fixed versions: 2.6.9, 3.1.0
Solution: Upgrade to latest versions.
Credit: Cristian-Alexandru Staicu
Sources: https://nodesecurity.io/advisories/534
debug-js/debug#501
debug-js/debug#504
@zazoomauro zazoomauro changed the title Fix REGULAR EXPRESSION DENIAL OF SERVICE REGULAR EXPRESSION DENIAL OF SERVICE Feb 19, 2018
@zazoomauro zazoomauro changed the title REGULAR EXPRESSION DENIAL OF SERVICE Regular expression denial of service Feb 19, 2018
@zazoomauro zazoomauro added this to the 2.0 milestone Feb 23, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
security
Projects
None yet
Milestone
2.0
Development

No branches or pull requests
1 participant
@zazoomauro