CVE-2017-18077

Priority
Description
index.js in brace-expansion before 1.1.7 is vulnerable to Regular
Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand
argument containing many comma characters.
Notes
Package
Upstream:released (1.1.8-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
More Information

Updated: 2020-01-29 19:58:49 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)