Cx8bc4df28-fcf5 @ Npm-debug-2.6.9

**Checkmarx \(SCA\):** Vulnerable Package
**Vulnerability:** [Read More ](https://devhub.checkmarx.com/cve-details/Cx8bc4df28-fcf5) about Cx8bc4df28-fcf5
**Checkmarx Project:** [cx\-boris\-goman/AutoPR](https://rel-candidate.perf.cxast.net/projects/4f3b5075-3c86-4854-8fd3-efd609980d39/overview?branch=kid)
**Repository URL:** [https://github.com/cx\-boris\-goman/AutoPR](https://github.com/cx-boris-goman/AutoPR)
**Branch:** kid
**Scan ID:** [bfaa74de\-6358\-4edb\-a528\-1d669bc0863c](https://rel-candidate.perf.cxast.net/projects/4f3b5075-3c86-4854-8fd3-efd609980d39/scans?id=bfaa74de-6358-4edb-a528-1d669bc0863c&branch=kid)


----
In NPM "debug" versions prior to 4.4.0, the "enable" function accepts a regular expression from user input without escaping it. Arbitrary regular expressions could be injected to cause a Denial of Service attack on the user's browser, otherwise known as a ReDoS (Regular Expression Denial of Service). This is a different issue than CVE-2017-16137.





----
**Additional Info**
**Attack vector:** NETWORK
**Attack complexity:** HIGH
**Confidentiality impact:** NONE
**Availability impact:** LOW
**Remediation Upgrade Recommendation:** 4.4.0


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Cx8bc4df28-fcf5 @ Npm-debug-2.6.9 #403

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Cx8bc4df28-fcf5 @ Npm-debug-2.6.9 #403

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions