Old version of `debug` dependency introduces `CVE-2017-16137` vulnerability #2146

amin-kchaou · 2023-11-27T16:41:08Z

Versions: node@v16.20.2, linux@6.2.0-37-generic
nodemon: 3.0.1

Issue

nodemon uses debug@^3.2.7 which contains the CVE-2017-16137 vulnerability.
The earliest fix for this vulnerability is in debug@4.3.1. It would be appreciated it you could update nodemon's debug to that or higher.

The text was updated successfully, but these errors were encountered:

github-actions · 2023-12-01T18:49:39Z

🎉 This issue has been resolved in version 3.0.2 🎉

The release is available on:

Your semantic-release bot 📦🚀

remy closed this as completed in 533ad9c Dec 1, 2023

github-actions bot added the released label Dec 1, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Old version of `debug` dependency introduces `CVE-2017-16137` vulnerability #2146

Old version of `debug` dependency introduces `CVE-2017-16137` vulnerability #2146

amin-kchaou commented Nov 27, 2023

github-actions bot commented Dec 1, 2023

Old version of debug dependency introduces CVE-2017-16137 vulnerability #2146

Old version of debug dependency introduces CVE-2017-16137 vulnerability #2146

Comments

amin-kchaou commented Nov 27, 2023

Issue

github-actions bot commented Dec 1, 2023

Old version of `debug` dependency introduces `CVE-2017-16137` vulnerability #2146

Old version of `debug` dependency introduces `CVE-2017-16137` vulnerability #2146