CVE-2017-16023

NameCVE-2017-16023
DescriptionDecamelize is used to convert a dash/dot/underscore/space separated string to camelCase. Decamelize 1.1.0 through 1.1.1 uses regular expressions to evaluate a string and takes unescaped separator values, which can be used to create a denial of service attack.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
node-decamelize (PTS)bullseye4.0.0-1fixed
forky, sid, bookworm, trixie4.0.0-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
node-decamelizesource(unstable)(not affected)

Notes

- node-decamelize <not-affected> (Fixed before initial upload to Debian)
https://github.com/sindresorhus/decamelize/issues/5
https://github.com/sindresorhus/decamelize/commit/76d47d8de360afb574da2e34db87430ce11094e0
nodejs not covered by security support
Search for package or bug name: Reporting problems