LOW PRIORITY FIX Monitor
This vulnerability is not widely exploited.
No urgency. Patch when a fix becomes available.

debug ReDoS

Regular expression denial of service in debug module

Severity CVSS MEDIUM 5.3
Exploitation Shoulder No known exploits
Fix available No patch yet
CVE-2017-16137 npm / debug

How to fix

Affected packages

npm debug

Technical details

Risk by Environment

Production (public-facing): MEDIUM. Schedule patch in next sprint.
Staging: LOW. Patch when convenient.
Internal services: LOW. Low priority unless handling sensitive data.
Local dev only: LOW. Minimal concern for isolated environments.