ReDoS in brace-expansion
High severity
GitHub Reviewed
Published
Jan 29, 2018
to the GitHub Advisory Database
•
Updated Apr 11, 2023
Description
Published to the GitHub Advisory Database
Jan 29, 2018
Reviewed
Jun 16, 2020
Last updated
Apr 11, 2023
Affected versions of
brace-expansion
are vulnerable to a regular expression denial of service condition.Proof of Concept
Recommendation
Update to version 1.1.7 or later.
References