Closed
Description
The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue.
Affected versions: All versions
Fixed versions: 2.6.9, 3.1.0
Solution: Upgrade to latest versions.
Credit: Cristian-Alexandru Staicu
Sources: https://nodesecurity.io/advisories/534
debug-js/debug#501
debug-js/debug#504