Lucene search
K

34 matches found

RedhatCVE
RedhatCVE
added 2026/06/30 2:51 p.m.7 views

CVE-2026-13149

A flaw was found in brace-expansion. An attacker can exploit a vulnerability in the expand function by providing a specially crafted string. This string, containing consecutive non-expanding brace groups, can trigger exponential-time complexity, leading to significant CPU consumption and event-lo...

8.7CVSS5.8AI score0.00361EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/30 11:25 a.m.4 views

Inefficient Algorithmic Complexity

Overview org.webjars.npm:brace-expansion is a WebJar for brace-expansion. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the expand function. An attacker can cause excessive CPU consumption and block the event loop by supplying a specially crafted strin...

8.7CVSS6.3AI score0.00361EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/30 11:25 a.m.7 views

Inefficient Algorithmic Complexity

Overview brace-expansion is a Brace expansion as known from sh/bash Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the expand function. An attacker can cause excessive CPU consumption and block the event loop by supplying a specially crafted string...

8.7CVSS6.3AI score0.00361EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 10:16 a.m.11 views

UBUNTU-CVE-2026-13149

brace-expansion through 5.0.6 is vulnerable to denial of service. The expand function exhibits exponential-time complexity in the number of consecutive non-expanding '' brace groups. An attacker who passes a crafted string to expand, directly or transitively, can cause significant CPU consumption...

8.7CVSS5.7AI score0.00361EPSS
Exploits0References4
CVE
CVE
added 2026/06/30 8:30 a.m.70 views

CVE-2026-13149

The CVE-2026-13149 entry concerns the library brace-expansion up to version 5.0.6. The vulnerability is in the expand() function, which exhibits exponential-time complexity proportional to the number of consecutive non-expanding '{}' brace groups. This allows an attacker to craft input that cause...

8.7CVSS5.7AI score0.00361EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/03/27 2:4 p.m.3 views

CVE-2026-33750

The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value e.g., 1..2..0 causes the sequence generation loop to run indefinitely, making the process hang for seconds and...

7.5CVSS5.4AI score0.0043EPSS
Exploits0
Redos
Redos
added 2026/03/27 12:0 a.m.5 views

ROS-20260327-73-0003

A vulnerability in the expand function of the juliangruber/brace-expansion library of the Node.js software platform involves uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

3.1CVSS6.3AI score0.00459EPSS
Exploits0
Cvelist
Cvelist
added 2026/01/14 3:7 p.m.25 views

CVE-2025-71134 mm/page_alloc: change all pageblocks migrate type on coalescing

In the Linux kernel, the following vulnerability has been resolved: mm/pagealloc: change all pageblocks migrate type on coalescing When a page is freed it coalesces with a buddy into a higher order page while possible. When the buddy page migrate type differs, it is expected to be updated to matc...

0.00115EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2025-9700

Malicious code in bioql PyPI...

7.3CVSS6.4AI score0.00391EPSS
Exploits0References4
OSV
OSV
added 2025/06/20 1:26 p.m.5 views

OESA-2025-1645 nodejs-brace-expansion security update

Brace expansion as known from sh/bash Security Fixes: A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular...

3.1CVSS6.1AI score0.00459EPSS
Exploits0References2
OSV
OSV
added 2025/06/09 7:15 p.m.5 views

AZL-63692 CVE-2025-5889 affecting package nodejs-nodemon 2.0.3-5

A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely...

3.1CVSS4.9AI score0.00459EPSS
Exploits0References1
OSV
OSV
added 2025/06/09 7:15 p.m.5 views

AZL-63707 CVE-2025-5889 affecting package nodejs-nodemon 2.0.3-4

A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely...

3.1CVSS4.5AI score0.00459EPSS
Exploits0References1
OSV
OSV
added 2025/06/09 7:15 p.m.7 views

AZL-63689 CVE-2025-5889 affecting package js-jquery 3.5.0-4

A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely...

3.1CVSS4.9AI score0.00459EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/09 6:16 p.m.26 views

CVE-2025-5889 juliangruber brace-expansion index.js expand redos

A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely...

3.1CVSS0.00459EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/06/09 12:0 a.m.3 views

brace-expansion 安全漏洞

brace-expansion is a Brace extension in JavaScript by the individual developer Julian Gruber. A security vulnerability exists in brace-expansion version 1.1.11 and earlier, which stems from an inefficient regular expression complexity in the function expand...

3.1CVSS4.3AI score0.00459EPSS
Exploits0References10
Snyk
Snyk
added 2025/04/22 9:4 a.m.2 views

Regular Expression Denial of Service (ReDoS)

Overview org.webjars.bowergithub.juliangruber:brace-expansion is a bower github webjar of the brace-expansion package Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the expand function, which is prone to catastrophic backtracking on very long...

3.1CVSS6.4AI score0.00459EPSS
Exploits0References2
Snyk
Snyk
added 2025/04/22 9:4 a.m.3 views

Regular Expression Denial of Service (ReDoS)

Overview org.webjars.npm:brace-expansion is a WebJar for brace-expansion. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the expand function, which is prone to catastrophic backtracking on very long malicious inputs. PoC js import index from...

3.1CVSS6.8AI score0.00459EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/04/06 5:25 a.m.18 views

CVE-2025-3197

Versions of the package expand-object from 0.0.0 are vulnerable to Prototype Pollution in the expand function in index.js. This function expands the given string into an object and allows a nested property to be set without checking the provided keys for sensitive properties like proto...

7.3CVSS6.7AI score0.00391EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/04/04 6:34 a.m.10 views

expand-object Vulnerable to Prototype Pollution via the expand() Function

Versions of the package expand-object from 0.0.0 to 0.4.2 are vulnerable to Prototype Pollution in the expand function in index.js. This function expands the given string into an object and allows a nested property to be set without checking the provided keys for sensitive properties like proto...

7.3CVSS6.9AI score0.00391EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/04/04 6:34 a.m.10 views

GHSA-4VJR-HFPP-2M7W expand-object Vulnerable to Prototype Pollution via the expand() Function

Versions of the package expand-object from 0.0.0 to 0.4.2 are vulnerable to Prototype Pollution in the expand function in index.js. This function expands the given string into an object and allows a nested property to be set without checking the provided keys for sensitive properties like proto...

7.3CVSS5.8AI score0.00391EPSS
Exploits0References5
Rows per page
Query Builder