Denial Of Service (DoS)

brace-expansion is vulnerable to Denial Of Service DoS. The vulnerability is due to improper handling of brace patterns with a zero step value, which allows an attacker to trigger infinite loops and excessive memory consumption...

OESA-2026-1835 nodejs-brace-expansion security update

Brace expansion as known from sh/bash Security Fixes: The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value e.g., 1..2..0 causes the sequence generation loop to run...

CVE-2026-33750

A flaw was found in the brace-expansion library, a component used for generating strings based on patterns. A remote attacker could exploit this vulnerability by providing a specially crafted brace pattern that includes a zero step value. This malicious input causes the library's sequence...

UBUNTU-CVE-2026-33750

The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value e.g., 1..2..0 causes the sequence generation loop to run indefinitely, making the process hang for seconds and...