2 matches found
DEBIAN-CVE-2026-13149
brace-expansion through 5.0.6 is vulnerable to denial of service. The expand function exhibits exponential-time complexity in the number of consecutive non-expanding '' brace groups. An attacker who passes a crafted string to expand, directly or transitively, can cause significant CPU consumption...
CVE-2026-4926
CVE-2026-4926 affects path-to-regexp where multiple sequential optional groups (e.g., {a}{b}{c}) cause the generated regular expression to grow exponentially, leading to denial of service. Connected sources confirm the impact and provide the remediation: a patch is released in version 8.4.0. Work...