CVE-2017-16032
Published:May 19, 2026
Updated:May 20, 2026
brace-expansion before 1.1.7 are vulnerable to a regular expression denial of service.
Affected Packages
jsdom (CONDA):
Affected version(s) =11.0.0 <11.11.0Fix Suggestion:
Update to version 11.11.0nodejs (CONDA):
Affected version(s) >=4.2.6 <8.8.1Fix Suggestion:
Update to version 8.8.1azure-cli (CONDA):
Affected version(s) =0.10.3Fix Suggestion:
Update to version no_fixjquery (CONDA):
Affected version(s) =3.3.0 <3.4.0Fix Suggestion:
Update to version 3.4.0brace-expansion (NPM):
Affected version(s) >=0.0.0 <1.1.7Fix Suggestion:
Update to version 1.1.7nodejs.redist.x64 (NUGET):
Affected version(s) >=7.7.4 <8.0.0Fix Suggestion:
Update to version 8.0.0tslint (NUGET):
Affected version(s) >=2.4.5 <5.6.0Fix Suggestion:
Update to version 5.6.0nogit (NUGET):
Affected version(s) =0.1.0Fix Suggestion:
Update to version no_fixraml.parser (NUGET):
Affected version(s) >=1.0.0 <1.0.2Fix Suggestion:
Update to version 1.0.2nodejs.redist.x64 (NUGET):
Affected version(s) =7.7.3 <7.7.3.1Fix Suggestion:
Update to version 7.7.3.1nodebin (NUGET):
Affected version(s) =5.2.0Fix Suggestion:
Update to version no_fixncapsulate.bower (NUGET):
Affected version(s) >=1.3.12 <=1.3.12.1Fix Suggestion:
Update to version no_fixyarn.msbuild (NUGET):
Affected version(s) =0.21.3 <0.22.0Fix Suggestion:
Update to version 0.22.0angularjstypescriptbase (NUGET):
Affected version(s) =1.0.0Fix Suggestion:
Update to version no_fixtools.npm (NUGET):
Affected version(s) =4.0.3-beta1Fix Suggestion:
Update to version no_fixz4a-dotnet-scaffold (NUGET):
Affected version(s) =1.0.0.1 <1.0.0.2Fix Suggestion:
Update to version 1.0.0.2npm (NUGET):
Affected version(s) >=2.14.14 <=3.5.2Fix Suggestion:
Update to version no_fixmidiator.webclient (NUGET):
Affected version(s) >=1.0.98 <1.0.105Fix Suggestion:
Update to version 1.0.105fable.template.elmish.react (NUGET):
Affected version(s) =0.1.5 <0.1.6Fix Suggestion:
Update to version 0.1.6npm3 (NUGET):
Affected version(s) =3.0.0-alpha0001Fix Suggestion:
Update to version no_fixkarmanodemodules (NUGET):
Affected version(s) >=1.0.0 <=1.0.1Fix Suggestion:
Update to version no_fixyarnpkg.yarn (NUGET):
Affected version(s) >=0.17.4 <0.26.1Fix Suggestion:
Update to version 0.26.1npm.js (NUGET):
Affected version(s) =2.13.1Fix Suggestion:
Update to version no_fixnugotdemo (NUGET):
Affected version(s) =1.0.0Fix Suggestion:
Update to version no_fixapiexplorer.helppage (NUGET):
Affected version(s) >=1.0.0-alpha1 <1.0.0-alpha3Fix Suggestion:
Update to version 1.0.0-alpha3ncapsulate.node.shadow (NUGET):
Affected version(s) =5.3.0Fix Suggestion:
Update to version no_fixbetclic.buildtools.node (NUGET):
Affected version(s) >=1.0.0 <=1.0.6Fix Suggestion:
Update to version no_fixncapsulate.node (NUGET):
Affected version(s) >=0.10.35 <=0.10.35.1Fix Suggestion:
Update to version no_fixnode-sass-bundle (NUGET):
Affected version(s) >=1.0.0 <=1.1.0Fix Suggestion:
Update to version no_fixncapsulate.gulp (NUGET):
Affected version(s) >=3.8.10 <=3.8.10.1Fix Suggestion:
Update to version no_fixlesshint (NUGET):
Affected version(s) >=2.0.0 <=2.0.1Fix Suggestion:
Update to version no_fixraml.parser (NUGET):
Affected version(s) >=1.0.5 <2.0.0Fix Suggestion:
Update to version 2.0.0entityframework.lookuptables (NUGET):
Affected version(s) >=1.1.12.119 <1.1.14.119Fix Suggestion:
Update to version 1.1.14.119dreamfactory/df-api-docs-ui (PHP):
Affected version(s) >=1.0.0 <1.1.0Fix Suggestion:
Update to version 1.1.0ryanvade/flarum-ext-login-redirect (PHP):
Affected version(s) =dev-masterFix Suggestion:
Update to version no_fixhydrawiki/lessoid (PHP):
Affected version(s) =1.0.0 <2.0.0Fix Suggestion:
Update to version 2.0.0humanmade/coding-standards (PHP):
Affected version(s) >=0.1.0 <dev-dependabot/npm_and_yarn/json-schema-0.4.0Fix Suggestion:
Update to version dev-dependabot/npm_and_yarn/json-schema-0.4.0z3/t3build-node (PHP):
Affected version(s) =dev-master <1.0.11Fix Suggestion:
Update to version 1.0.11mpcmf/mpcmf-web-app (PHP):
Affected version(s) =dev-master <1.0.0.x-devFix Suggestion:
Update to version 1.0.0.x-devspiral/toolkit (PHP):
Affected version(s) >=v0.8.14 <v0.8.18Fix Suggestion:
Update to version v0.8.18chrisbraybrooke/laravel-ecommerce (PHP):
Affected version(s) =dev-dev <dev-form-field-keyFix Suggestion:
Update to version dev-form-field-keyiget-master/material-admin (PHP):
Affected version(s) =dev-issue-18 <dev-L51Fix Suggestion:
Update to version dev-L51yuan1994/wechat_web_devtools (PHP):
Affected version(s) >=dev-core <0.15.152901-coreFix Suggestion:
Update to version 0.15.152901-coreabedinia/heisenberg (PHP):
Affected version(s) =dev-master <0.0.1Fix Suggestion:
Update to version 0.0.1bibcnrs/wp-ebsco-widget (PHP):
Affected version(s) >=0.2.2 <0.3.0Fix Suggestion:
Update to version 0.3.0ristorantino/aditions (PHP):
Affected version(s) =dev-master <dev-master-ko-js-updateFix Suggestion:
Update to version dev-master-ko-js-updatechrisbraybrooke/laravel-ecommerce (PHP):
Affected version(s) >=0.0.18 <0.0.56Fix Suggestion:
Update to version 0.0.56binh/mentions (PHP):
Affected version(s) =dev-masterFix Suggestion:
Update to version no_fixchrisbraybrooke/laravel-ecommerce (PHP):
Affected version(s) =0.0.4 <0.0.11Fix Suggestion:
Update to version 0.0.11mpcmf/mpcmf-web-app (PHP):
Affected version(s) =dev-php7Fix Suggestion:
Update to version no_fixspiral/toolkit (PHP):
Affected version(s) =v0.8.19 <v0.8.20Fix Suggestion:
Update to version v0.8.20contentasaurus/c-rex-admin (PHP):
Affected version(s) >=v1.0.2 <v1.0.7Fix Suggestion:
Update to version v1.0.7contentasaurus/c-rex-admin (PHP):
Affected version(s) =v1.0.0 <v1.0.1Fix Suggestion:
Update to version v1.0.1kayrules/solatjakim-api-site (PHP):
Affected version(s) =dev-master <dev-version-1.0Fix Suggestion:
Update to version dev-version-1.0lufangyu1217/demo (PHP):
Affected version(s) =dev-bugfix/we-hate-exam <dev-developFix Suggestion:
Update to version dev-developoburatongoi/productivity (PHP):
Affected version(s) >=0.0.9 <0.0.13Fix Suggestion:
Update to version 0.0.13ymcatwincities/openy-cibox-vm (PHP):
Affected version(s) =dev-master <dev-snyk-fix-d3e304fdb18d8e743e047d064f2eeebeFix Suggestion:
Update to version dev-snyk-fix-d3e304fdb18d8e743e047d064f2eeebeilhanet/erpnet-widget-resource (PHP):
Affected version(s) =dev-masterFix Suggestion:
Update to version no_fixdatitisev/flarum-ext-moderator-notes (PHP):
Affected version(s) =dev-masterFix Suggestion:
Update to version no_fixymcatwincities/openy-cibox-vm (PHP):
Affected version(s) >=dev-snyk-fix-19013f5e293df9c71f68bf9631fba9f2 <dev-snyk-fix-45a393004964497d68443389076d755aFix Suggestion:
Update to version dev-snyk-fix-45a393004964497d68443389076d755aspiral/toolkit (PHP):
Affected version(s) >=v0.8.24 <v0.9.0Fix Suggestion:
Update to version v0.9.0urre/postpone (PHP):
Affected version(s) =1.0.0Fix Suggestion:
Update to version no_fixoburatongoi/productivity (PHP):
Affected version(s) >=0.1.0 <0.3.36Fix Suggestion:
Update to version 0.3.36ymcatwincities/openy-cibox-vm (PHP):
Affected version(s) =dev-snyk-upgrade-c10ea3c8666b5b22429d3e747ff879aa <dev-snyk-fix-5c35a6fcce9a99be5f2075759c8a3425Fix Suggestion:
Update to version dev-snyk-fix-5c35a6fcce9a99be5f2075759c8a3425neon-sys (RUST):
Affected version(s) =0.1.10 <0.1.11Fix Suggestion:
Update to version 0.1.11Related Resources (1)
Do you need more information?
Contact UsCVSS v4
Base Score:
4.4
Attack Vector
LOCAL
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
PASSIVE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
LOW
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.5
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
HIGH