CVE-2017-16032
Published:May 19, 2026
Updated:May 20, 2026
brace-expansion before 1.1.7 are vulnerable to a regular expression denial of service.
Affected Packages
nodejs (CONDA):
Affected version(s) >=4.2.6 <8.8.1Fix Suggestion:
Update to version 8.8.1azure-cli (CONDA):
Affected version(s) =0.10.3Fix Suggestion:
Update to version no_fixjsdom (CONDA):
Affected version(s) =11.0.0 <11.11.0Fix Suggestion:
Update to version 11.11.0jquery (CONDA):
Affected version(s) =3.3.0 <3.4.0Fix Suggestion:
Update to version 3.4.0brace-expansion (NPM):
Affected version(s) >=0.0.0 <1.1.7Fix Suggestion:
Update to version 1.1.7ncapsulate.bower (NUGET):
Affected version(s) >=1.3.12 <=1.3.12.1Fix Suggestion:
Update to version no_fixnogit (NUGET):
Affected version(s) =0.1.0Fix Suggestion:
Update to version no_fixnodebin (NUGET):
Affected version(s) =5.2.0Fix Suggestion:
Update to version no_fixmidiator.webclient (NUGET):
Affected version(s) >=1.0.98 <1.0.105Fix Suggestion:
Update to version 1.0.105karmanodemodules (NUGET):
Affected version(s) >=1.0.0 <=1.0.1Fix Suggestion:
Update to version no_fixraml.parser (NUGET):
Affected version(s) >=1.0.5 <2.0.0Fix Suggestion:
Update to version 2.0.0tslint (NUGET):
Affected version(s) >=2.4.5 <5.6.0Fix Suggestion:
Update to version 5.6.0nugotdemo (NUGET):
Affected version(s) =1.0.0Fix Suggestion:
Update to version no_fixnpm.js (NUGET):
Affected version(s) =2.13.1Fix Suggestion:
Update to version no_fixnode-sass-bundle (NUGET):
Affected version(s) >=1.0.0 <=1.1.0Fix Suggestion:
Update to version no_fixtools.npm (NUGET):
Affected version(s) =4.0.3-beta1Fix Suggestion:
Update to version no_fixncapsulate.node.shadow (NUGET):
Affected version(s) =5.3.0Fix Suggestion:
Update to version no_fixyarnpkg.yarn (NUGET):
Affected version(s) >=0.17.4 <0.26.1Fix Suggestion:
Update to version 0.26.1raml.parser (NUGET):
Affected version(s) >=1.0.0 <1.0.2Fix Suggestion:
Update to version 1.0.2ncapsulate.gulp (NUGET):
Affected version(s) >=3.8.10 <=3.8.10.1Fix Suggestion:
Update to version no_fixlesshint (NUGET):
Affected version(s) >=2.0.0 <=2.0.1Fix Suggestion:
Update to version no_fixnodejs.redist.x64 (NUGET):
Affected version(s) =7.7.3 <7.7.3.1Fix Suggestion:
Update to version 7.7.3.1angularjstypescriptbase (NUGET):
Affected version(s) =1.0.0Fix Suggestion:
Update to version no_fixapiexplorer.helppage (NUGET):
Affected version(s) >=1.0.0-alpha1 <1.0.0-alpha3Fix Suggestion:
Update to version 1.0.0-alpha3npm3 (NUGET):
Affected version(s) =3.0.0-alpha0001Fix Suggestion:
Update to version no_fixfable.template.elmish.react (NUGET):
Affected version(s) =0.1.5 <0.1.6Fix Suggestion:
Update to version 0.1.6betclic.buildtools.node (NUGET):
Affected version(s) >=1.0.0 <=1.0.6Fix Suggestion:
Update to version no_fixz4a-dotnet-scaffold (NUGET):
Affected version(s) =1.0.0.1 <1.0.0.2Fix Suggestion:
Update to version 1.0.0.2nodejs.redist.x64 (NUGET):
Affected version(s) >=7.7.4 <8.0.0Fix Suggestion:
Update to version 8.0.0yarn.msbuild (NUGET):
Affected version(s) =0.21.3 <0.22.0Fix Suggestion:
Update to version 0.22.0ncapsulate.node (NUGET):
Affected version(s) >=0.10.35 <=0.10.35.1Fix Suggestion:
Update to version no_fixentityframework.lookuptables (NUGET):
Affected version(s) >=1.1.12.119 <1.1.14.119Fix Suggestion:
Update to version 1.1.14.119npm (NUGET):
Affected version(s) >=2.14.14 <=3.5.2Fix Suggestion:
Update to version no_fixcontentasaurus/c-rex-admin (PHP):
Affected version(s) =v1.0.0 <v1.0.1Fix Suggestion:
Update to version v1.0.1ristorantino/aditions (PHP):
Affected version(s) =dev-master <dev-master-ko-js-updateFix Suggestion:
Update to version dev-master-ko-js-updateymcatwincities/openy-cibox-vm (PHP):
Affected version(s) =dev-snyk-upgrade-c10ea3c8666b5b22429d3e747ff879aa <dev-snyk-fix-5c35a6fcce9a99be5f2075759c8a3425Fix Suggestion:
Update to version dev-snyk-fix-5c35a6fcce9a99be5f2075759c8a3425binh/mentions (PHP):
Affected version(s) =dev-masterFix Suggestion:
Update to version no_fixryanvade/flarum-ext-login-redirect (PHP):
Affected version(s) =dev-masterFix Suggestion:
Update to version no_fixdreamfactory/df-api-docs-ui (PHP):
Affected version(s) >=1.0.0 <1.1.0Fix Suggestion:
Update to version 1.1.0chrisbraybrooke/laravel-ecommerce (PHP):
Affected version(s) =dev-dev <dev-form-field-keyFix Suggestion:
Update to version dev-form-field-keybibcnrs/wp-ebsco-widget (PHP):
Affected version(s) >=0.2.2 <0.3.0Fix Suggestion:
Update to version 0.3.0datitisev/flarum-ext-moderator-notes (PHP):
Affected version(s) =dev-masterFix Suggestion:
Update to version no_fixmpcmf/mpcmf-web-app (PHP):
Affected version(s) =dev-php7Fix Suggestion:
Update to version no_fixcontentasaurus/c-rex-admin (PHP):
Affected version(s) >=v1.0.2 <v1.0.7Fix Suggestion:
Update to version v1.0.7mpcmf/mpcmf-web-app (PHP):
Affected version(s) =dev-master <1.0.0.x-devFix Suggestion:
Update to version 1.0.0.x-devz3/t3build-node (PHP):
Affected version(s) =dev-master <1.0.11Fix Suggestion:
Update to version 1.0.11oburatongoi/productivity (PHP):
Affected version(s) >=0.0.9 <0.0.13Fix Suggestion:
Update to version 0.0.13ymcatwincities/openy-cibox-vm (PHP):
Affected version(s) >=dev-snyk-fix-19013f5e293df9c71f68bf9631fba9f2 <dev-snyk-fix-45a393004964497d68443389076d755aFix Suggestion:
Update to version dev-snyk-fix-45a393004964497d68443389076d755aymcatwincities/openy-cibox-vm (PHP):
Affected version(s) =dev-master <dev-snyk-fix-d3e304fdb18d8e743e047d064f2eeebeFix Suggestion:
Update to version dev-snyk-fix-d3e304fdb18d8e743e047d064f2eeebespiral/toolkit (PHP):
Affected version(s) =v0.8.19 <v0.8.20Fix Suggestion:
Update to version v0.8.20chrisbraybrooke/laravel-ecommerce (PHP):
Affected version(s) >=0.0.18 <0.0.56Fix Suggestion:
Update to version 0.0.56spiral/toolkit (PHP):
Affected version(s) >=v0.8.14 <v0.8.18Fix Suggestion:
Update to version v0.8.18abedinia/heisenberg (PHP):
Affected version(s) =dev-master <0.0.1Fix Suggestion:
Update to version 0.0.1chrisbraybrooke/laravel-ecommerce (PHP):
Affected version(s) =0.0.4 <0.0.11Fix Suggestion:
Update to version 0.0.11ilhanet/erpnet-widget-resource (PHP):
Affected version(s) =dev-masterFix Suggestion:
Update to version no_fixiget-master/material-admin (PHP):
Affected version(s) =dev-issue-18 <dev-L51Fix Suggestion:
Update to version dev-L51spiral/toolkit (PHP):
Affected version(s) >=v0.8.24 <v0.9.0Fix Suggestion:
Update to version v0.9.0yuan1994/wechat_web_devtools (PHP):
Affected version(s) >=dev-core <0.15.152901-coreFix Suggestion:
Update to version 0.15.152901-corelufangyu1217/demo (PHP):
Affected version(s) =dev-bugfix/we-hate-exam <dev-developFix Suggestion:
Update to version dev-develophydrawiki/lessoid (PHP):
Affected version(s) =1.0.0 <2.0.0Fix Suggestion:
Update to version 2.0.0kayrules/solatjakim-api-site (PHP):
Affected version(s) =dev-master <dev-version-1.0Fix Suggestion:
Update to version dev-version-1.0urre/postpone (PHP):
Affected version(s) =1.0.0Fix Suggestion:
Update to version no_fixoburatongoi/productivity (PHP):
Affected version(s) >=0.1.0 <0.3.36Fix Suggestion:
Update to version 0.3.36humanmade/coding-standards (PHP):
Affected version(s) >=0.1.0 <dev-dependabot/npm_and_yarn/json-schema-0.4.0Fix Suggestion:
Update to version dev-dependabot/npm_and_yarn/json-schema-0.4.0neon-sys (RUST):
Affected version(s) =0.1.10 <0.1.11Fix Suggestion:
Update to version 0.1.11Related Resources (1)
Do you need more information?
Contact UsCVSS v4
Base Score:
4.4
Attack Vector
LOCAL
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
PASSIVE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
LOW
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.5
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
HIGH