tough-cookie
Regular Expression Denial of Service Open
"tough-cookie": {
  "version": "2.3.2",
  "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.3.2.tgz",
  "integrity": "sha1-8IH3bkyFcg5sN6X6ztc3FQ2EByo=",
  "dev": true
}
Regular Expression Denial of Service
Overview:
The tough-cookie module is vulnerable to regular expression denial of service. Input of around 50k characters is required for a slowdown of around 2 seconds.
Unless node was compiled using the -DHTTP_MAX_HEADER_SIZE= option, the default header max length is 80kb, so the impact of the ReDoS is limited to around 7.3 seconds of blocking.
At the time of writing, all versions <=2.3.2 are vulnerable.
Recommendation:
Please update to version 2.3.3 or greater.
debug
Regular Expression Denial of Service Open
"debug": {
  "version": "2.2.0",
  "resolved": "https://registry.npmjs.org/debug/-/debug-2.2.0.tgz",
  "integrity": "sha1-+HBX6ZWxofauaklgZkE3vFbwOdo=",
  "dev": true
}
Regular Expression Denial of Service
Overview:
The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds, making this a low severity issue.
Recommendation:
Upgrade to version 2.6.9 or greater if you are on the 2.6.x series or 3.1.0 or greater.
debug
Regular Expression Denial of Service Open
"debug": {
  "version": "2.6.8",
  "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.8.tgz",
  "integrity": "sha1-5zFTHKLt4n0YgiJCfaF4IdaP9Pw=",
  "dev": true
}
Regular Expression Denial of Service
Overview:
The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds, making this a low severity issue.
Recommendation:
Upgrade to version 2.6.9 or greater if you are on the 2.6.x series or 3.1.0 or greater.