📂 Vulnerable Library - session-rethinkdb-2.0.1.tgz
RethinkDB session store for Express and Connect
Path to dependency file: /api/package.json
Findings
| Finding | Severity | 🎯 CVSS | Exploit Maturity | EPSS | Library | Type | Fixed in | Remediation Available | Reachability |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2017-16137 | 🟠 Medium | 5.3 | Not Defined | < 1% | debug-3.2.6.tgz | Transitive | N/A | ❌ | Unreachable |
Details
🟠 CVE-2017-16137
Vulnerable Library - debug-3.2.6.tgz
small debugging utility
Library home page: https://registry.npmjs.org/debug/-/debug-3.2.6.tgz
Path to dependency file: /api/package.json
Dependency Hierarchy:
- redis-tag-cache-1.2.1.tgz (Root Library)
  - ioredis-4.9.5.tgz
    - ❌ debug-3.2.6.tgz (Vulnerable Library)
- cypress-3.6.1.tgz (Root Library)
  - ❌ debug-3.2.6.tgz (Vulnerable Library)
- http-proxy-middleware-1.0.4.tgz (Root Library)
  - http-proxy-1.18.1.tgz
    - follow-redirects-1.7.0.tgz
      - ❌ debug-3.2.6.tgz (Vulnerable Library)
- session-rethinkdb-2.0.1.tgz (Root Library)
  - ❌ debug-3.2.6.tgz (Vulnerable Library)
- backpack-core-0.8.3.tgz (Root Library)
  - nodemon-1.19.1.tgz
    - chokidar-2.1.6.tgz
      - fsevents-1.2.9.tgz
        - node-pre-gyp-0.12.0.tgz
          - needle-2.4.0.tgz
            - ❌ debug-3.2.6.tgz (Vulnerable Library)
- slate-0.44.13.tgz (Root Library)
  - ❌ debug-3.2.6.tgz (Vulnerable Library)
- web-push-3.3.5.tgz (Root Library)
  - https-proxy-agent-2.2.1.tgz
    - ❌ debug-3.2.6.tgz (Vulnerable Library)
- flow-typed-2.5.2.tgz (Root Library)
  - rest-15.18.1.tgz
    - https-proxy-agent-2.2.1.tgz
      - ❌ debug-3.2.6.tgz (Vulnerable Library)
- browserify-preprocessor-1.1.2.tgz (Root Library)
  - core-7.1.0.tgz
    - ❌ debug-3.2.6.tgz (Vulnerable Library)
- jest-22.4.3.tgz (Root Library)
  - jest-cli-22.4.4.tgz
    - istanbul-lib-source-maps-1.2.6.tgz
      - ❌ debug-3.2.6.tgz (Vulnerable Library)
- apollo-server-cache-redis-1.1.4.tgz (Root Library)
  - ioredis-4.9.5.tgz
    - ❌ debug-3.2.6.tgz (Vulnerable Library)
- jest-21.2.1.tgz (Root Library)
  - jest-cli-21.2.1.tgz
    - istanbul-api-1.3.7.tgz
      - istanbul-lib-source-maps-1.2.6.tgz
        - ❌ debug-3.2.6.tgz (Vulnerable Library)
Reachability Analysis
The vulnerable code is unreachable
Vulnerability Details
The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds, making this a low severity issue.
Publish Date: Jun 07, 2018 02:00 AM
URL: CVE-2017-16137
Threat Assessment
Exploit Maturity: Not Defined
EPSS: < 1%
Score: 5.3
Suggested Fix
Type: Upgrade version
Origin: GHSA-gxpj-cx7g-858c
Release Date: Jun 07, 2018 02:00 AM
Fix Resolution: debug - 2.6.9, 3.1.0, 3.2.7, 4.3.1