
CVE-2017-18077

Published: 27/01/2018 Updated: 15/02/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

index.js in brace-expansion prior to 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters.

Vulnerable Product

brace expansion project brace expansion

Vendor Advisories

Synopsis: Moderate: rh-nodejs8-nodejs security update. Type/Severity: Security Advisory: Moderate. Topic: An update for rh-nodejs8-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System ...
Debian Bug report logs - #862712 node-brace-expansion: CVE-2017-18077: regular expression denial of service. Package: node-brace-expansion; Maintainer for node-brace-expansion is Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>; Source for node-brace-expansion is src:node-brace-expansion (PTS, buildd, popc ...
index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters ...