CVE-2017-16137

CVE-2017-16137 affects the Node.js debug module and can cause a regular expression denial of service (ReDoS) when untrusted input is passed to the formatter; susceptibility is reported as low severity but could enable a DoS by consuming CPU with around 50k characters. The connected documents show...

CVE-2017-20165

CVE-2017-20165 affects the debug-js package (debug up to 3.0.x). The vulnerability is in the useColors function in src/node.js, where manipulating the argument str leads to inefficient regular-expression complexity (ReDoS). A fix is available in version 3.1.0, and the patch is identified as c38a0...