CVE-2017-20165

CVE-2017-20165 affects the debug-js package (debug up to 3.0.x). The vulnerability is in the useColors function in src/node.js, where manipulating the argument str leads to inefficient regular-expression complexity (ReDoS). A fix is available in version 3.1.0, and the patch is identified as c38a0...