index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-01-27T12:00:00Z
Updated: 2024-09-17T00:56:19.603Z
Reserved: 2018-01-27T00:00:00Z
Link: CVE-2017-18077
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2018-01-27T12:29:00.217
Modified: 2018-02-15T18:14:54.207
Link: CVE-2017-18077
Redhat