You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi, I don't know where to put this obvious suggestion, but it seems like this issue gets created multiple times and then summarily closed off.
Rather to ask for an ETA on a fix (the author has made it explicitly clear there will be no fix), consider that checkmarx does allow suppression of a vulnerability.
The CVE reads "Arbitrary regular expressions could be injected to cause a Denial of Service attack on the user's browser, otherwise known as a ReDoS (Regular Expression Denial of Service)." If you identified that this NPM is NOT used on a browser, or some front-end where there is some possibility of injection, you could safely assume that this is not exploitable and close it off. Most likely, debug is used on the backend of your applications.
Hope this helps.
The text was updated successfully, but these errors were encountered:
rinturaj
added a commit
to rinturaj/debug
that referenced
this issue
Aug 21, 2024
Sadly I have the same problem with this. And also, in my workplace exists a cibersecurity policy that rescricts the use of checkmarx's vulnerable dependencies :(
Could you please review PR fix? It seems a good solution for it.
Hi, I don't know where to put this obvious suggestion, but it seems like this issue gets created multiple times and then summarily closed off.
Rather to ask for an ETA on a fix (the author has made it explicitly clear there will be no fix), consider that checkmarx does allow suppression of a vulnerability.
The CVE reads "Arbitrary regular expressions could be injected to cause a Denial of Service attack on the user's browser, otherwise known as a ReDoS (Regular Expression Denial of Service)." If you identified that this NPM is NOT used on a browser, or some front-end where there is some possibility of injection, you could safely assume that this is not exploitable and close it off. Most likely, debug is used on the backend of your applications.
Hope this helps.
The text was updated successfully, but these errors were encountered: