Описание
index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters.
Ссылки
- Third Party Advisory
- ExploitIssue TrackingPatchThird Party Advisory
- PatchThird Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
- ExploitIssue TrackingPatchThird Party Advisory
- PatchThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.1.7 (исключая)
cpe:2.3:a:brace_expansion_project:brace_expansion:*:*:*:*:*:*:*:*
EPSS
Процентиль: 66%
0.0052
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-20
Связанные уязвимости
CVSS3: 7.5
ubuntu
около 8 лет назад
index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters.
CVSS3: 5.3
redhat
почти 9 лет назад
index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters.
CVSS3: 7.5
debian
около 8 лет назад
index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expr ...
EPSS
Процентиль: 66%
0.0052
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-20