Количество 8
Количество 8
GHSA-7h2j-956f-4vf2
@isaacs/brace-expansion has Uncontrolled Resource Consumption
CVE-2026-25547
@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the expansion grows exponentially, even a small input can consume excessive CPU and memory and may crash the Node.js process. This issue has been patched in version 5.0.1.
CVE-2026-25547
@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the expansion grows exponentially, even a small input can consume excessive CPU and memory and may crash the Node.js process. This issue has been patched in version 5.0.1.
CVE-2026-25547
@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the expansion grows exponentially, even a small input can consume excessive CPU and memory and may crash the Node.js process. This issue has been patched in version 5.0.1.
CVE-2026-25547
@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-e ...
openSUSE-SU-2026:20261-1
Security update for openQA, os-autoinst, openQA-devel-container
BDU:2026-01718
Уязвимость библиотеки juliangruber/brace-expansion программной платформы Node.js, позволяющая нарушителю вызвать отказ в обслуживании
openSUSE-SU-2026:20239-1
Security update for golang-github-prometheus-prometheus
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-7h2j-956f-4vf2 @isaacs/brace-expansion has Uncontrolled Resource Consumption | 0% Низкий | около 2 месяцев назад | |
 | CVE-2026-25547 @isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the expansion grows exponentially, even a small input can consume excessive CPU and memory and may crash the Node.js process. This issue has been patched in version 5.0.1. | 0% Низкий | около 2 месяцев назад | |
 | CVE-2026-25547 @isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the expansion grows exponentially, even a small input can consume excessive CPU and memory and may crash the Node.js process. This issue has been patched in version 5.0.1. | CVSS3: 6.5 | 0% Низкий | около 2 месяцев назад |
 | CVE-2026-25547 @isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the expansion grows exponentially, even a small input can consume excessive CPU and memory and may crash the Node.js process. This issue has been patched in version 5.0.1. | 0% Низкий | около 2 месяцев назад | |
| CVE-2026-25547 @isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-e ... | 0% Низкий | около 2 месяцев назад | |
 | openSUSE-SU-2026:20261-1 Security update for openQA, os-autoinst, openQA-devel-container | 0% Низкий | около 1 месяца назад | |
 | BDU:2026-01718 Уязвимость библиотеки juliangruber/brace-expansion программной платформы Node.js, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 8.6 | 0% Низкий | около 2 месяцев назад |
| openSUSE-SU-2026:20239-1 Security update for golang-github-prometheus-prometheus | около 1 месяца назад |
Уязвимостей на страницу