4 matches found
AZL-44850 CVE-2021-33502 affecting package nodejs-nodemon 2.0.3-5
The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs...
AZL-45153 CVE-2020-7788 affecting package nodejs-nodemon 2.0.3-5
This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...
AZL-44772 CVE-2017-16137 affecting package nodejs-nodemon 2.0.3-5
The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue...
AZL-44892 CVE-2017-16119 affecting package nodejs-nodemon 2.0.3-5
Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service when it is passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition...