CVE-2017-18077

CVE-2017-18077

EPSS 2.6%

index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters.

Productos afectados

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://bugs.debian.org/862712 https://github.com/juliangruber/brace-expansion/issues/33 https://github.com/juliangruber/brace-expansion/pull/35/commits/b13381281cead487cbdbfd6a69fb097ea5e456c3 https://nodesecurity.io/advisories/338