ReDoS

Module: brace-expansion

Published: April 25th, 2017

Reported by: myvyang

CVE-NONE

CWE-

Vulnerable: <=1.1.6
Patched: >=1.1.7

Overview

brace-expansion is a module that implements bash-like brace expansion in JavaScript. For example, {1,2,3,4} expands to 1 2 3 4. brace-expansion versions before 1.1.7 are vulnerable to Regular Expression Denial of Service (ReDoS): a crafted brace body makes a regular expression used while parsing the input backtrack catastrophically, so a single call to expand() pins the CPU for an extremely long time. The module is a dependency of minimatch, and through it of many glob-based tools, so untrusted patterns can reach it indirectly. A proof of concept is provided below:

// Proof of concept: a brace body of many commas followed by a newline.
// On brace-expansion <= 1.1.6 this call does not return in any reasonable time.
var expand = require('brace-expansion');
expand('{,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,\n}');

Remediation

Upgrade to version 1.1.7 or later. Because the module is almost always pulled in transitively, check which versions are actually present in a project with npm ls brace-expansion and update the dependents that pin an older release.
