CVE-2017-18077

Опубликовано: 27 янв. 2018

Источник: debian

EPSS Низкий

Описание

index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
node-brace-expansion	fixed	1.1.8-1		package
node-brace-expansion	fixed	1.1.6-1+deb9u1	stretch	package

Примечания

https://nodesecurity.io/advisories/338
https://github.com/juliangruber/brace-expansion/issues/33
https://github.com/juliangruber/brace-expansion/pull/35/commits/b13381281cead487cbdbfd6a69fb097ea5e456c3
nodejs not covered by security support

EPSS

Процентиль: 66%

0.0052

Низкий

Связанные уязвимости

CVE-2017-18077

CVSS3: 7.5

ubuntu

около 8 лет назад

index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters.

CVE-2017-18077

CVSS3: 5.3

redhat

почти 9 лет назад

index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters.

CVE-2017-18077

CVSS3: 7.5

nvd

около 8 лет назад

index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters.

GHSA-832h-xg76-4gv6

CVSS3: 7.5

github

около 8 лет назад

ReDoS in brace-expansion

EPSS

Процентиль: 66%

0.0052

Низкий