A regular expression denial-of-service vulnerability was found in nodejs-brace-expansion. Running a specially crafted command would cause the application to hang for long periods of time.
Created nodejs-brace-expansion tracking bugs for this issue:
Affects: fedora-all [bug 1448381]
This issue has been addressed in the following products:
Red Hat Software Collections for Red Hat Enterprise Linux 7
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS
Via RHSA-2020:2625 https://access.redhat.com/errata/RHSA-2020:2625
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
Red Hat Quay includes brace-expansion as a build-time dependency. It's not used at runtime and hence has a reduced impact of low.