Vulnerabilities: 1 via 2 paths

Dependencies: 81

Source: GitHub

high severity
new

Inefficient Algorithmic Complexity

  • Vulnerable module: brace-expansion
  • Introduced through: googleapis-common@8.0.2

Detailed paths

  • Introduced through: googleapis@googleapis/google-api-nodejs-client > googleapis-common@8.0.2 > gaxios@7.1.3 > rimraf@5.0.10 > glob@10.5.0 > minimatch@9.0.9 > brace-expansion@2.1.1
  • Introduced through: googleapis@googleapis/google-api-nodejs-client > googleapis-common@8.0.2 > google-auth-library@10.5.0 > gcp-metadata@8.1.3 > gaxios@7.1.3 > rimraf@5.0.10 > glob@10.5.0 > minimatch@9.0.9 > brace-expansion@2.1.1

Overview

brace-expansion is a package that performs brace expansion as known from sh/bash.

Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the expand function. An attacker can cause excessive CPU consumption and block the event loop by supplying a specially crafted string containing multiple consecutive non-expanding '{}' brace groups. The max option does not prevent this issue, as it only limits the output size and not the computational workload.

Remediation

Upgrade brace-expansion to version 5.0.7 or higher.