CVE-2017-18077

Published January 27th, 2018

View on NVD ↗

CVSS v3

N/A

CVSS v2

MEDIUM

Affected

PROJECT

Description

index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters.

juliangruber/brace-expansion

Brace expansion, as known from sh/bash, in JavaScript

GitHub

211