Lucene search
K

11 matches found

NVD
NVD
added 2026/06/30 10:16 a.m.11 views

CVE-2026-13149

brace-expansion through 5.0.6 is vulnerable to denial of service. The expand function exhibits exponential-time complexity in the number of consecutive non-expanding '' brace groups. An attacker who passes a crafted string to expand, directly or transitively, can cause significant CPU consumption...

8.7CVSS0.00361EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 8:30 a.m.37 views

CVE-2026-13149

brace-expansion through 5.0.6 is vulnerable to denial of service. The expand function exhibits exponential-time complexity in the number of consecutive non-expanding '' brace groups. An attacker who passes a crafted string to expand, directly or transitively, can cause significant CPU consumption...

8.7CVSS0.00361EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 8:30 a.m.64 views

CVE-2026-13149

The CVE-2026-13149 entry concerns the library brace-expansion up to version 5.0.6. The vulnerability is in the expand() function, which exhibits exponential-time complexity proportional to the number of consecutive non-expanding '{}' brace groups. This allows an attacker to craft input that cause...

8.7CVSS5.7AI score0.00361EPSS
Exploits0References2
NVD
NVD
added 2026/05/29 8:16 p.m.16 views

CVE-2026-45149

The brace-expansion library generates arbitrary strings containing a common prefix and suffix. From 5.0.0 to before 5.0.6, the max option was being applied too late. When expanding a single large numeric range like 1..10000000, the sequence generation loop generates all 10 million intermediate...

7.5CVSS0.00278EPSS
Exploits0References1
OSV
OSV
added 2026/05/29 8:16 p.m.8 views

UBUNTU-CVE-2026-45149

The brace-expansion library generates arbitrary strings containing a common prefix and suffix. From 5.0.0 to before 5.0.6, the max option was being applied too late. When expanding a single large numeric range like 1..10000000, the sequence generation loop generates all 10 million intermediate...

7.5CVSS5.9AI score0.00278EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/29 7:55 p.m.10 views

CVE-2026-45149

The brace-expansion library generates arbitrary strings containing a common prefix and suffix. From 5.0.0 to before 5.0.6, the max option was being applied too late. When expanding a single large numeric range like 1..10000000, the sequence generation loop generates all 10 million intermediate...

6.5CVSS5.9AI score0.00278EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/05/29 7:55 p.m.17 views

CVE-2026-45149

The brace-expansion library generates arbitrary strings containing a common prefix and suffix. From 5.0.0 to before 5.0.6, the max option was being applied too late. When expanding a single large numeric range like 1..10000000, the sequence generation loop generates all 10 million intermediate...

7.5CVSS5.9AI score0.00278EPSS
Exploits0
EUVD
EUVD
added 2026/05/29 7:55 p.m.14 views

EUVD-2026-33442

The brace-expansion library generates arbitrary strings containing a common prefix and suffix. From 5.0.0 to before 5.0.6, the max option was being applied too late. When expanding a single large numeric range like 1..10000000, the sequence generation loop generates all 10 million intermediate...

6.5CVSS5.9AI score0.00278EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.8 views

brace-expansion 资源管理错误漏洞

Brace-expansion is a JavaScript extension developed by Julian Gruber. Versions of Brace-expansion 5.0.0 to 5.0.6 had a resource management vulnerability. This vulnerability stemmed from the max option being applied too late. When expanding a large range of values, the sequence generation loop...

6.5CVSS5.8AI score0.00278EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/18 4:22 p.m.11 views

Allocation of Resources Without Limits or Throttling

Overview brace-expansion is a Brace expansion as known from sh/bash Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the max option being applied after generating all elements in a large numeric range. An attacker can exhaust system...

8.7CVSS5.8AI score0.00278EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 4:22 p.m.10 views

Allocation of Resources Without Limits or Throttling

Overview org.webjars.npm:brace-expansion is a WebJar for brace-expansion. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the max option being applied after generating all elements in a large numeric range. An attacker can exhaust...

8.7CVSS5.8AI score0.00278EPSS
Exploits0References2
Rows per page
Query Builder