First published: Mon Jan 09 2023(Updated: )
A vulnerability classified as problematic has been found in debug-js debug up to 3.0.x. This affects the function useColors of the file src/node.js. The manipulation of the argument str leads to inefficient regular expression complexity. Upgrading to version 3.1.0 is able to address this issue. The identifier of the patch is c38a0166c266a679c8de012d4eaccec3f944e685. It is recommended to upgrade the affected component. The identifier VDB-217665 was assigned to this vulnerability.
Credit: cna@vuldb.com cna@vuldb.com cna@vuldb.com
Affected Software | Affected Version | How to fix |
---|---|---|
Debug Project Debug | <2.6.9 | |
Debug Project Debug | >=3.0.0<3.1.0 | |
npm/debug | >=3.0.0<3.1.0 | 3.1.0 |
npm/debug | <2.6.9 | 2.6.9 |
<2.6.9 | ||
>=3.0.0<3.1.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2017-20165 is high with a CVSS score of 7.5.
CVE-2017-20165 affects the function useColors of the file src/node.js in the debug-js library.
Upgrading to version 3.1.0 of the debug-js library fixes CVE-2017-20165.
Yes, you can find references for CVE-2017-20165 at the following links: [link1], [link2], [link3].
The CWE ID for CVE-2017-20165 is 1333.