debug ReDoS
Regular expression denial of service in debug module
Severity (CVSS): MEDIUM 5.3
Exploitation (Shoulder): No known exploits
Fix available: No patch yet
How to fix
Affected packages: debug (npm)
Is this in your code?
Shoulder scans your codebase and tells you if CVE-2017-16137 is reachable — not just present.
npx @shoulderdev/cli trust .
Technical details
Risk by Environment
Production (public-facing): MEDIUM. Schedule patch in next sprint.
Staging: LOW. Patch when convenient.
Internal services: LOW. Low priority unless handling sensitive data.
Local dev only: LOW. Minimal concern for isolated environments.