debug npm package suffers from CWE-1333 | Inefficient Regular Expression Complexity

[The-Duuude-dot]

Hi,
debug is used and imported by a wide array of npm packages.
It seems to suffer from the following vuln: Category CWE-1333 | Inefficient Regular Expression Complexity

CVE Details
Published: Dec 10, 2020
In NPM debug, the enable function accepts a regular expression from user input without escaping it. Arbitrary regular expressions could be injected to cause a Denial of Service attack on the user's browser, otherwise known as a ReDoS (Regular Expression Denial of Service). This is a different issue than GHSA-gxpj-cx7g-858c.

Our security pipelines keep detecting this CVE.

Is the CVE legit ?

[Qix-]

No, and it's been addressed a ton already - multiple times. Please search the issues tracker next time.