CVE-2017-16137

Summary

The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue.

Affected Software

VendorProductVersion RangeStatus
HackerOnedebug node module`<= 2.6.8

Weaknesses

  • CWE-400: Denial of Service (CWE-400)

ADP Enrichment

CVE Program Container

Additional References

References