Regular Expression Denial of Service in debug

Question

Regular Expression Denial of Service in debug

VMBindraban opened this issue 8 months ago · comments

Vijay Bindraban commented 8 months ago

Description

Regular Expression Denial of Service in debug - GHSA-gxpj-cx7g-858c

Seems #743 is back.

Details

Which version of the App Center SDK are you using?
- 5.0.0

node_modules/appcenter-link-scripts/node_modules/debug
  appcenter-link-scripts  >=2.5.0
  Depends on vulnerable versions of debug
  node_modules/appcenter-link-scripts
    appcenter  >=2.5.0
    Depends on vulnerable versions of appcenter-link-scripts
    node_modules/appcenter
      appcenter-analytics  >=2.5.0
      Depends on vulnerable versions of appcenter
      node_modules/appcenter-analytics
      appcenter-crashes  >=2.5.0
      Depends on vulnerable versions of appcenter
      node_modules/appcenter-crashes

Dima · Answer 1 · Wed Nov 08 2023 16:02:04 GMT+0800 (China Standard Time)

@VMBindraban , thank you for reaching out!
We've already fixed and merged it here #1018.
However, it is not released yet. We will update this thread once the fix is released.

nathfy · Answer 2 · Thu Dec 21 2023 23:29:11 GMT+0800 (China Standard Time)

@DmitriyKirakosyan Any idea when the next release is due? as both this and inflight and flagged by snyk:

Anatoly Pristensky · Answer 3 · Fri Jan 19 2024 18:57:37 GMT+0800 (China Standard Time)

Hello @nathfy this fix available in new 5.0.1 version.