You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Regular Expression Denial of Service (ReDoS)
Vulnerable module: debug
Introduced through: body-parser@1.16.1, express@4.14.1 and others
Detailed paths
Introduced through: etherchain-light@gobitfly/etherchain-light#0163743bbd61c33ad71cb238ca4ea900fa922710 › body-parser@1.16.1 › debug@2.6.1
Remediation: Upgrade to body-parser@1.18.2.
Introduced through: etherchain-light@gobitfly/etherchain-light#0163743bbd61c33ad71cb238ca4ea900fa922710 › express@4.14.1 › debug@2.2.0
Remediation: Upgrade to express@4.15.5.
Introduced through: etherchain-light@gobitfly/etherchain-light#0163743bbd61c33ad71cb238ca4ea900fa922710 › morgan@1.7.0 › debug@2.2.0
Remediation: Upgrade to morgan@1.9.0.
Introduced through: etherchain-light@gobitfly/etherchain-light#0163743bbd61c33ad71cb238ca4ea900fa922710 › express@4.14.1 › finalhandler@0.5.1 › debug@2.2.0
Remediation: Upgrade to express@4.15.0.
Introduced through: etherchain-light@gobitfly/etherchain-light#0163743bbd61c33ad71cb238ca4ea900fa922710 › express@4.14.1 › send@0.14.2 › debug@2.2.0
Remediation: Upgrade to express@4.15.5.
Introduced through: etherchain-light@gobitfly/etherchain-light#0163743bbd61c33ad71cb238ca4ea900fa922710 › express@4.14.1 › serve-static@1.11.2 › send@0.14.2 › debug@2.2.0
Remediation: Upgrade to express@4.15.5.
Overview
debug is a JavaScript debugging utility modelled after Node.js core's debugging technique..
debug uses printf-style formatting. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks via the the %o formatter (Pretty-print an Object all on a single line). It used a regular expression (/\s*\n\s*/g) in order to strip whitespaces and replace newlines with spaces, in order to join the data into a single line. This can cause a very low impact of about 2 seconds matching time for data 50k characters long.
The text was updated successfully, but these errors were encountered:
Regular Expression Denial of Service (ReDoS)
Vulnerable module: debug
Introduced through: body-parser@1.16.1, express@4.14.1 and others
Detailed paths
Introduced through: etherchain-light@gobitfly/etherchain-light#0163743bbd61c33ad71cb238ca4ea900fa922710 › body-parser@1.16.1 › debug@2.6.1
Remediation: Upgrade to body-parser@1.18.2.
Introduced through: etherchain-light@gobitfly/etherchain-light#0163743bbd61c33ad71cb238ca4ea900fa922710 › express@4.14.1 › debug@2.2.0
Remediation: Upgrade to express@4.15.5.
Introduced through: etherchain-light@gobitfly/etherchain-light#0163743bbd61c33ad71cb238ca4ea900fa922710 › morgan@1.7.0 › debug@2.2.0
Remediation: Upgrade to morgan@1.9.0.
Introduced through: etherchain-light@gobitfly/etherchain-light#0163743bbd61c33ad71cb238ca4ea900fa922710 › express@4.14.1 › finalhandler@0.5.1 › debug@2.2.0
Remediation: Upgrade to express@4.15.0.
Introduced through: etherchain-light@gobitfly/etherchain-light#0163743bbd61c33ad71cb238ca4ea900fa922710 › express@4.14.1 › send@0.14.2 › debug@2.2.0
Remediation: Upgrade to express@4.15.5.
Introduced through: etherchain-light@gobitfly/etherchain-light#0163743bbd61c33ad71cb238ca4ea900fa922710 › express@4.14.1 › serve-static@1.11.2 › send@0.14.2 › debug@2.2.0
Remediation: Upgrade to express@4.15.5.
Overview
debug is a JavaScript debugging utility modelled after Node.js core's debugging technique..
debug uses printf-style formatting. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks via the the %o formatter (Pretty-print an Object all on a single line). It used a regular expression (/\s*\n\s*/g) in order to strip whitespaces and replace newlines with spaces, in order to join the data into a single line. This can cause a very low impact of about 2 seconds matching time for data 50k characters long.
The text was updated successfully, but these errors were encountered: