
Update debug dependency (memory leak leading to vulnerability) #486

Closed
cmotsn opened this issue Jan 13, 2023 · 1 comment

@cmotsn

cmotsn commented Jan 13, 2023

Context: the body-parser lib is included as a nested dependency in our application.
We use Checkmarx to scan for security vulnerabilities, and it indicates a vulnerability due to the usage of a version of the debug dependency which contains a memory leak.

Updating the debug package to 4.3.x would remove the vulnerability.

@cmotsn cmotsn closed this as completed Jan 13, 2023
@cmotsn cmotsn reopened this Jan 13, 2023
@dougwilson
Contributor

Hi @cmotsn, thanks for your report! The memory leak mentioned in there seems to only apply to 3.x and 4.x, as stated by the project in the links. The https://checkmarx.com/blog/some-vulnerabilities-dont-have-a-name/ link you provided helpfully provides a POC to check for the issue as well, and following those steps verifies that 2.6.9 is not vulnerable to the leak. You can verify this yourself at https://github.com/MarioTeixeiraCx/POCs by installing debug@2.6.9.
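The practical question behind this report is which copies of debug are actually installed in the tree, through which parent package, and whether any of them fall in the range the thread describes as affected (3.x, and 4.x before 4.3). The script below is an added example, not code from body-parser, debug, or either participant; it reads an npm lockfile of lockfileVersion 2 or 3 (the `packages` map keyed by install path) and reports every copy. The affected-range boundary is an assumption taken from the wording of the thread, and the sample lockfile is constructed for illustration.

```javascript
// Added example, not code from body-parser, debug, or this issue thread.
// Lists every installed copy of a package in an npm lockfile (lockfileVersion
// 2 or 3) with its parent and flags versions in the range this thread describes
// as affected by the leak. Assumptions: the range (3.x and 4.x below 4.3.0) is
// taken from the thread's wording; SAMPLE_LOCKFILE is constructed, not real.

function parseSemver(version) {
  // Leading "major.minor.patch"; prerelease/build suffixes are ignored.
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(version);
  if (!m) throw new Error(`unparseable version: ${version}`);
  return { major: Number(m[1]), minor: Number(m[2]), patch: Number(m[3]) };
}

// Range assumed from the thread: every 3.x release and 4.x prior to 4.3.0.
function isAffectedDebugVersion(version) {
  const { major, minor } = parseSemver(version);
  if (major === 3) return true;
  if (major === 4) return minor < 3;
  return false;
}

// Every installed copy of `name`, in install-path order. Each result records the
// path, the version, the parent package owning the nested node_modules
// ("(root)" for a hoisted top-level copy) and whether it is in the range.
function findPackageCopies(lockfile, name) {
  const marker = "node_modules/";
  const copies = [];
  for (const installPath of Object.keys(lockfile.packages || {}).sort()) {
    const lastIdx = installPath.lastIndexOf(marker);
    if (lastIdx === -1) continue; // root entry ("") or a workspace link
    if (installPath.slice(lastIdx + marker.length) !== name) continue;
    const parentPath = installPath.slice(0, lastIdx).replace(/\/$/, "");
    const parentIdx = parentPath.lastIndexOf(marker);
    const parent =
      parentIdx === -1 ? "(root)" : parentPath.slice(parentIdx + marker.length);
    const version = lockfile.packages[installPath].version;
    copies.push({ installPath, version, parent, affected: isAffectedDebugVersion(version) });
  }
  return copies;
}

// Human-readable lines plus a verdict a CI step can key on.
function report(lockfile, name) {
  const copies = findPackageCopies(lockfile, name);
  const lines = copies.map(
    (c) =>
      `${c.affected ? "AFFECTED" : "ok      "} ${name}@${c.version} via ${c.parent} (${c.installPath})`
  );
  return { copies, lines, anyAffected: copies.some((c) => c.affected) };
}

// Constructed sample lockfile (not a real project's): body-parser pins debug
// 2.6.9 in its own nested node_modules, a hoisted top-level debug 4.1.1 sits in
// the assumed range, and a third nested copy is already at 4.3.x.
const SAMPLE_LOCKFILE = {
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", dependencies: { "body-parser": "^1.20.0", debug: "4.1.1", "some-tool": "^1.0.0" } },
    "node_modules/body-parser": { version: "1.20.1", dependencies: { debug: "2.6.9" } },
    "node_modules/body-parser/node_modules/debug": { version: "2.6.9" },
    "node_modules/debug": { version: "4.1.1" },
    "node_modules/some-tool": { version: "1.0.0", dependencies: { debug: "^4.3.0" } },
    "node_modules/some-tool/node_modules/debug": { version: "4.3.4" },
  },
};

console.log(report(SAMPLE_LOCKFILE, "debug").lines.join("\n"));
```

To run it against a real project, parse the project's `package-lock.json` with `JSON.parse(fs.readFileSync(...))` and pass the object to `report`; `npm ls debug --all` shows the same tree from npm's side. The script only classifies versions by the range stated in the thread; whether a given copy actually leaks is what the linked POC settles.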
