漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
brace-expansion through 5.0.6 is vulnerable to denial of service. The expand() function exhibits exponential-time complexity in the number of consecutive non-expanding '{}' brace groups. An attacker who passes a crafted string to expand(), directly or transitively, can cause significant CPU consumption and event-loop blocking. The max option does not mitigate this, as it bounds the output size rather than the recursion work.
CVSS Information
N/A
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
juliangruber brace-expansion 资源管理错误漏洞
Vulnerability Description
juliangruber brace-expansion是juliangruber的npm 包。 juliangruber brace-expansion 5.0.6及之前版本存在资源管理错误漏洞,该漏洞源于expand()函数在处理连续非扩展'{}'大括号组时呈指数时间复杂性,可能导致攻击者通过传递特制字符串直接或间接调用expand(),造成显著的CPU消耗和事件循环阻塞。
CVSS Information
N/A
Vulnerability Type
N/A