Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2017-16032

Good to know:

icon
icon

Date: July 21, 2020

brace-expansion before 1.1.7 are vulnerable to a regular expression denial of service.

Language: Java

Severity Score

Related Resources (3)

https://nvd.nist.gov/vuln/detail/CVE-2017-16032
https://github.com/juliangruber/brace-expansion/pull/35/commits/b13381281cead487cbdbfd6a69fb097ea5e456c3
https://www.mend.io/vulnerability-database/CVE-2017-16032

Severity Score

Top Fix

icon

Upgrade Version

Upgrade to version lesshint - no_fix;nodejs - 8.8.1;ryanvade/flarum-ext-login-redirect - no_fix;Tools.Npm - no_fix;NugotDemo - no_fix;Nodejs.Redist.x64 - 8.0.0;Nodejs.Redist.x64 - 7.7.3.1;azure-cli - no_fix;ymcatwincities/openy-cibox-vm - no_fix;ymcatwincities/openy-cibox-vm - dev-snyk-fix-5c35a6fcce9a99be5f2075759c8a3425;ymcatwincities/openy-cibox-vm - dev-snyk-fix-45a393004964497d68443389076d755a;ymcatwincities/openy-cibox-vm - dev-snyk-fix-84e446cbc8aa1506ed55902e1b08c080;ymcatwincities/openy-cibox-vm - dev-snyk-fix-d3e304fdb18d8e743e047d064f2eeebe;contentasaurus/c-rex-admin - v1.0.7;contentasaurus/c-rex-admin - v1.0.1;spiral/toolkit - v0.8.18;spiral/toolkit - v0.9.0;spiral/toolkit - v0.8.20;binh/mentions - no_fix;humanmade/coding-standards - dev-dependabot/npm_and_yarn/json-schema-0.4.0;AngularJsTypeScriptBase - no_fix;neon-sys - 0.1.11;chrisbraybrooke/laravel-ecommerce - dev-form-field-key;chrisbraybrooke/laravel-ecommerce - 0.0.11;chrisbraybrooke/laravel-ecommerce - 0.0.56;urre/postpone - no_fix;ilhanet/erpnet-widget-resource - no_fix;abedinia/heisenberg - 0.0.1;kayrules/solatjakim-api-site - dev-version-1.0;jquery - 3.4.0;MIDIator.WebClient - 1.0.105;Raml.Parser - 1.0.2;Raml.Parser - 2.0.0;Fable.Template.Elmish.React - 0.1.6;z3/t3build-node - 1.0.11;Ncapsulate.Gulp - no_fix;hydrawiki/lessoid - 2.0.0;NodeBin - no_fix;Npm.js - no_fix;brace-expansion - 1.1.7;mpcmf/mpcmf-web-app - 1.0.0.x-dev;mpcmf/mpcmf-web-app - no_fix;yuan1994/wechat_web_devtools - 0.15.152901-core;Ncapsulate.Node - no_fix;lufangyu1217/demo - dev-develop;tslint - 5.6.0;z4a-dotnet-scaffold - 1.0.0.2;Ncapsulate.Bower - no_fix;jsdom - 11.11.0;ApiExplorer.HelpPage - 1.0.0-alpha3;bibcnrs/wp-ebsco-widget - 0.3.0;iget-master/material-admin - dev-L51;ristorantino/aditions - dev-master-ko-js-update;oburatongoi/productivity - 0.3.36;oburatongoi/productivity - 0.0.13;datitisev/flarum-ext-moderator-notes - no_fix;Ncapsulate.Node.Shadow - no_fix;EntityFramework.LookupTables - 1.1.14.119;Yarn.MSBuild - 0.22.0;dreamfactory/df-api-docs-ui - 1.1.0;node-sass-bundle - no_fix;Betclic.BuildTools.Node - no_fix;Npm3 - no_fix;NoGit - no_fix;Yarnpkg.Yarn - 0.26.1;KarmaNodeModules - no_fix;Npm - no_fix;org.webjars.npm:bourbon-neat:2.1.0;org.webjars:browser-sync:no_fix;org.webjars:npm:4.0.2;org.webjars:npm:4.4.4;org.webjars.npm:brace-expansion:1.1.7;org.webjars.npm:bower:1.8.12

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): HIGH
Privileges Required (PR): LOW
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): HIGH

Do you need more information?

Contact Us