Sign upLogin

martinheidegger/i18n-core

View on GitHub
Star
npm-shrinkwrap.json

Summary

Maintainability
Test Coverage

tough-cookie Regular Expression Denial of Service
Open

    "tough-cookie": {
      "version": "2.3.2",
      "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.3.2.tgz",
      "integrity": "sha1-8IH3bkyFcg5sN6X6ztc3FQ2EByo=",
      "dev": true
Severity: Minor
Found in npm-shrinkwrap.json by nodesecurity

Regular Expression Denial of Service

Overview:

The tough-cookie module is vulnerable to regular expression denial of service. Input of around 50k characters is required for a slow down of around 2 seconds.

Unless node was compiled using the -DHTTPMAXHEADER_SIZE= option the default header max length is 80kb so the impact of the ReDoS is limited to around 7.3 seconds of blocking.

At the time of writing all version <=2.3.2 are vulnerable

Recommendation:

Please update to version 2.3.3 or greater

debug Regular Expression Denial of Service
Open

        "debug": {
          "version": "2.2.0",
          "resolved": "https://registry.npmjs.org/debug/-/debug-2.2.0.tgz",
          "integrity": "sha1-+HBX6ZWxofauaklgZkE3vFbwOdo=",
          "dev": true
Severity: Minor
Found in npm-shrinkwrap.json by nodesecurity

Regular Expression Denial of Service

Overview:

The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue.

Recommendation:

Upgrade to version 2.6.9 or greater if you are on the 2.6.x series or 3.1.0 or greater.

debug Regular Expression Denial of Service
Open

    "debug": {
      "version": "2.6.8",
      "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.8.tgz",
      "integrity": "sha1-5zFTHKLt4n0YgiJCfaF4IdaP9Pw=",
      "dev": true
Severity: Minor
Found in npm-shrinkwrap.json by nodesecurity

Regular Expression Denial of Service

Overview:

The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue.

Recommendation:

Upgrade to version 2.6.9 or greater if you are on the 2.6.x series or 3.1.0 or greater.

debug Regular Expression Denial of Service
Open

    "debug": {
      "version": "2.6.8",
      "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.8.tgz",
      "integrity": "sha1-5zFTHKLt4n0YgiJCfaF4IdaP9Pw=",
      "dev": true
Severity: Minor
Found in npm-shrinkwrap.json by nodesecurity

Regular Expression Denial of Service

Overview:

The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue.

Recommendation:

Upgrade to version 2.6.9 or greater if you are on the 2.6.x series or 3.1.0 or greater.

There are no issues that match your filters.

Category
Status