You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi,
I'll start by mentioning that this is not the same regexp vulnerability CVE-2017-20165 as mentioned in 2657, 2658 and 2659.
This potential vulnerability has been found by the Checkmarx tool (see the example section in this page) in debug package, due to a memory leak issue that was fixed in debug 4.3.0 (and sadly not backported to 3.x).
I have no idea whether or not this potential vulnerability is confirmed in the eslint-import-resolver-node package.
The text was updated successfully, but these errors were encountered:
A memory leak isn't automatically a vulnerability - in this case, your own linting run could have a problem, but it's not an attack or a vulnerability.
As such, while it'd be great if the fix was backported to debug v3, I don't consider it an argument in favor of a breaking change.
Hi,
I'll start by mentioning that this is not the same regexp vulnerability CVE-2017-20165 as mentioned in 2657, 2658 and 2659.
This potential vulnerability has been found by the Checkmarx tool (see the example section in this page) in debug package, due to a memory leak issue that was fixed in debug 4.3.0 (and sadly not backported to 3.x).
I have no idea whether or not this potential vulnerability is confirmed in the eslint-import-resolver-node package.
The text was updated successfully, but these errors were encountered: