VYPR

Brace Expansion

by Juliangruber

Source repositories

CVEs (3)

  • CVE-2026-45149MedMay 29, 2026
    risk 0.35cvss 6.5epss 0.00

    The brace-expansion library generates arbitrary strings containing a common prefix and suffix. From 5.0.0 to before 5.0.6, the max option was being applied too late. When expanding a single large numeric range like {1..10000000}, the sequence generation loop generates all 10…

  • CVE-2026-33750MedMar 27, 2026
    risk 0.35cvss 6.5epss 0.00

    The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value (e.g., `{1..2..0}`) causes the sequence generation loop to run indefinitely, making the…

  • CVE-2025-5889LowJun 9, 2025
    risk 0.13cvss 3.1epss 0.00

    A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be…