Your submission was sent successfully! Close

CVE-2017-18077

Published: 27 January 2018

index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters.

Priority

Unknown

CVSS 3 base score: 7.5

Status

Package Release Status
node-brace-expansion
Launchpad, Ubuntu, Debian
artful Not vulnerable
(1.1.8-1)
precise Does not exist

trusty Does not exist

upstream
Released (1.1.8-1)
xenial Does not exist