All vulnerabilities

CVE-2017-18077

ReDoS in brace-expansion

Description

Affected versions of brace-expansion are vulnerable to a regular expression denial of service condition.

Proof of Concept

var expand = require('brace-expansion');
expand('{,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,\n}');

Recommendation

Update to version 1.1.7 or later.

Patch Available

Fix available through Seal Security. 

No upgrade required, protect your application instantly.

Fix without upgrading
Score
Severity
Ecosystem
JavaScript
Publish Date
January 29, 2018
Modified Date
November 7, 2023
Score Vector
Affected Versions