Bug 2371270 (CVE-2025-5889)
Summary: | CVE-2025-5889 brace-expansion: juliangruber brace-expansion index.js expand redos | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
Status: | NEW --- | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | ||
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | --- | |
Doc Text: |
A denial-of-service (DoS) vulnerability has been identified in the brace-expansion JavaScript package. This issue occurs due to inefficient regular expression complexity, which can be exploited by an attacker providing specially crafted input. Such input could lead to excessive processing time and resource consumption, rendering applications that utilize this package unresponsive and causing a denial-of-service condition.
|
Bug Depends On: | 2373709, 2373712, 2373714, 2373299, 2373300 | ||
Bug Blocks: |
Description
OSIDB Bzimport
2025-06-09 19:01:06 UTC