Lucene search

[email protected]CVE-2017-20165

HistoryJan 09, 2023 - 10:15 a.m.

CVE-2017-20165

2023-01-0910:15:10

CWE-1333

[email protected]

web.nvd.nist.gov

cve-2017-20165

vulnerability

debug-js

upgrade

regular expression complexity

2.7 Low

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.008 Low

EPSS

Percentile

81.3%

JSON

A vulnerability classified as problematic has been found in debug-js debug up to 3.0.x. This affects the function useColors of the file src/node.js. The manipulation of the argument str leads to inefficient regular expression complexity. Upgrading to version 3.1.0 is able to address this issue. The identifier of the patch is c38a0166c266a679c8de012d4eaccec3f944e685. It is recommended to upgrade the affected component. The identifier VDB-217665 was assigned to this vulnerability.

Affected configurations

Vulners

NVD

Node

debug-jsdebugMatch3.0

CPENameOperatorVersion
debug_project:debugdebug project debuglt2.6.9
debug_project:debugdebug project debuglt3.1.0

CPE	Name	Operator	Version
debug_project:debug	debug project debug	lt	2.6.9
debug_project:debug	debug project debug	lt	3.1.0

CNA Affected

[
  {
    "vendor": "debug-js",
    "product": "debug",
    "versions": [
      {
        "version": "3.0",
        "status": "affected"
      }
    ]
  }
]