dancefinder/dancefinder-app
5
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Projects Releases Activity

debug Inefficient Regular Expression Complexity vulnerability #24

New Issue
Closed
opened 2023-01-11 04:41:40 +00:00 by argoyle · 0 comments
argoyle commented 2023-01-11 04:41:40 +00:00 (Migrated from gitlab.com)
Copy Link
Copy Source

⚠️ dependabot-gitlab has detected security vulnerability for debug in path: /, manifest_file: /package.json but was unable to update it! ⚠️

Package Severity Affected versions Patched versions IDs
debug (NPM) LOW < 3.1.0 3.1.0 GHSA-9vvw-cc9w-f27h,CVE-2017-20165

Description

A vulnerability classified as problematic has been found in debug-js debug up to 3.0.x. This affects the function useColors of the file src/node.js. The manipulation of the argument str leads to inefficient regular expression complexity. Upgrading to version 3.1.0 is able to address this issue. The name of the patch is c38a0166c266a679c8de012d4eaccec3f944e685. It is recommended to upgrade the affected component. The identifier VDB-217665 was assigned to this vulnerability.

References

⚠️ `dependabot-gitlab` has detected security vulnerability for `debug` in path: `/`, manifest_file: `/package.json` but was unable to update it! ⚠️ * https://github.com/advisories/GHSA-9vvw-cc9w-f27h | Package | Severity | Affected versions | Patched versions | IDs | |-------------|----------|-------------------|------------------|----------------------------------------| | debug (NPM) | LOW | < 3.1.0 | 3.1.0 | `GHSA-9vvw-cc9w-f27h`,`CVE-2017-20165` | # Description A vulnerability classified as problematic has been found in debug-js debug up to 3.0.x. This affects the function useColors of the file src/node.js. The manipulation of the argument str leads to inefficient regular expression complexity. Upgrading to version 3.1.0 is able to address this issue. The name of the patch is c38a0166c266a679c8de012d4eaccec3f944e685. It is recommended to upgrade the affected component. The identifier VDB-217665 was assigned to this vulnerability. # References * https://nvd.nist.gov/vuln/detail/CVE-2017-20165 * https://github.com/debug-js/debug/pull/504 * https://github.com/debug-js/debug/commit/c38a0166c266a679c8de012d4eaccec3f944e685 * https://github.com/debug-js/debug/releases/tag/3.1.0 * https://vuldb.com/?ctiid.217665 * https://vuldb.com/?id.217665 * https://github.com/advisories/GHSA-9vvw-cc9w-f27h
argoyle (Migrated from gitlab.com) closed this issue 2023-06-02 14:10:55 +00:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
dependencies
Pull requests that update a dependency file
 docker
javascript
security
Pull requests that address a security vulnerability
 severity:critical
severity:high
severity:low
severity:moderate
No Label security severity:low
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
argoyle (Joakim Olsson) buildtools (Buildtools) kubernetes (Kubernetes) releaser (Unbound Releaser) renovate (Renovate Bot)
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: dancefinder/dancefinder-app#24
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?