Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Uncontrolled Resource Consumption in @isaacs/brace-expansion
Vulnerability Description
@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the expansion grows exponentially, even a small input can consume excessive CPU and memory and may crash the Node.js process. This issue has been patched in version 5.0.1.
CVSS Information
N/A
Vulnerability Type
CWE-1333
Vulnerability Title
brace-expansion 安全漏洞
Vulnerability Description
brace-expansion是Julian Gruber个人开发者的一个JavaScript中的Brace扩展。 brace-expansion 5.0.1之前版本存在安全漏洞,该漏洞源于无界的括号范围扩展,可能导致正则表达式拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A