PT-2018-3672 · Debug · Debug

Published: 2018-06-07 · Updated: 2021-05-25 · CVE-2017-16137

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

debug versions prior to 2.6.9
debug versions 3.2.0 through 3.2.6
debug versions 4.0.0 through 4.3.0

Description

The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. This issue is considered low severity as it takes around 50,000 characters to block the event loop for 2 seconds. The vulnerability can be exploited by a remote attacker using a specially crafted regular expression, potentially leading to a denial of service.

Recommendations

Version 2.x.x: Update to version 2.6.9 or later.
Version 3.1.x: Update to version 3.1.0 or later.
Version 3.2.x: Update to version 3.2.7 or later.
Version 4.x.x: Update to version 4.3.1 or later.
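
A defender-side check built from the affected-version list above, as an added example that is not part of the advisory: it scans the `packages` map of an npm lockfile for `debug` installs that fall in the listed ranges. The lockfile contents and function names are constructed for illustration, and pre-release suffixes are ignored (an assumption).

```javascript
// Parse "MAJOR.MINOR.PATCH"; pre-release/build suffixes are ignored (assumption).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// Three-part numeric comparison: -1, 0 or 1.
function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Ranges exactly as the advisory lists them.
const AFFECTED = [
  { label: "prior to 2.6.9", test: (v) => cmp(v, [2, 6, 9]) < 0 },
  { label: "3.2.0 through 3.2.6",
    test: (v) => cmp(v, [3, 2, 0]) >= 0 && cmp(v, [3, 2, 6]) <= 0 },
  { label: "4.0.0 through 4.3.0",
    test: (v) => cmp(v, [4, 0, 0]) >= 0 && cmp(v, [4, 3, 0]) <= 0 },
];

// Returns the matching range label, or null if the version is not listed.
function affectedRange(version) {
  const v = parseVersion(version);
  if (!v) return null;
  const hit = AFFECTED.find((r) => r.test(v));
  return hit ? hit.label : null;
}

// Walk the "packages" map of an npm lockfile (lockfileVersion 2/3); keys are
// install paths such as "node_modules/express/node_modules/debug".
function findAffectedDebug(lockfile) {
  const findings = [];
  for (const [path, meta] of Object.entries(lockfile.packages || {})) {
    if (!/(^|\/)node_modules\/debug$/.test(path)) continue; // exact name only
    const range = affectedRange(meta.version);
    if (range) findings.push({ path, version: meta.version, range });
  }
  return findings;
}

// Constructed sample lockfile (not taken from any real project).
const sampleLock = {
  packages: {
    "node_modules/debug": { version: "4.3.4" },
    "node_modules/express/node_modules/debug": { version: "2.6.8" },
    "node_modules/mocha/node_modules/debug": { version: "3.2.6" },
    "node_modules/socket.io/node_modules/debug": { version: "4.3.0" },
    "node_modules/debug-fabulous": { version: "1.1.0" },
  },
};
console.table(findAffectedDebug(sampleLock));
```

Nested copies matter here: a patched top-level `debug` does not update the copies bundled under other dependencies, so the scan checks every install path.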

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

AZL-43792
AZL-43819
AZL-44400
AZL-44772
BDU:2021-02886
CVE-2017-16137
GHSA-GXPJ-CX7G-858C

Affected Products

Debug