Regular Expression Denial of Servicedebug
Affected versions of
debug are vulnerable to regular expression denial of service when untrusted user input is passed into the
As it takes 50,000 characters to block the event loop for 2 seconds, this issue is a low severity issue.
Version 2.x.x: Update to version 2.6.9 or later. Version 3.x.x: Update to version 3.1.0 or later.
publishedAdvisory publishedSep 27th, 2017
reportedInitial report by Cristian-Alexandru StaicuSep 25th, 2017