Debian Node-Brace-Expansion vulnerabilities

4 known vulnerabilities affecting debian/node-brace-expansion.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 1, LOW 2

Vulnerabilities

CVE-2026-25547 | CRITICAL | CVSS 9.2 | fixed in node-brace-expansion 2.0.3+~1.1.2-2 (forky) | 2026
CVE-2026-25547 [CRITICAL] node-brace-expansion: @isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possib

CVE-2026-33750 | MEDIUM | CVSS 6.5 | fixed in node-brace-expansion 2.0.3+~1.1.2-1 (forky) | 2026
CVE-2026-33750 [MEDIUM] node-brace-expansion: The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value (e.g., `{1..2..0}`) causes the sequence generation loop to run indefinitely, making the process hang for seconds and allocate heaps of memory. Versions 5.0.5, 3.0.2, 2.

CVE-2025-5889 | LOW | CVSS 2.3 | fixed in node-brace-expansion 2.0.1+~1.1.0-2 (forky) | 2025
CVE-2025-5889 [LOW] node-brace-expansion: A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation

CVE-2017-18077 | LOW | CVSS 7.5 | fixed in node-brace-expansion 1.1.8-1 (bookworm) | 2017
CVE-2017-18077 [HIGH] node-brace-expansion: index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters. Scope: local. bookworm: resolved (fixed in 1.1.8-1); bullseye: resolved (fixed in 1.1.8-1); forky: resolved (fixed in 1.1.8-1); sid: resolved (fixed in 1.1.8-1); trixie: resolv