Vulnerability: Regular Expression Denial of Service (ReDoS) in brace-expansion before 1.1.7

Vulnerability: Regular Expression Denial of Service (ReDoS) in brace-expansion before 1.1.7

CVE-2017-18077 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters.

Learn more about our Web Application Penetration Testing UK.