CVE-2025-5889 @ Npm-brace-expansion-1.1.6 #402
Description
Checkmarx (SCA): Vulnerable Package
Vulnerability: Read More about CVE-2025-5889
Checkmarx Project: cx-boris-goman/AutoPR
Repository URL: https://github.com/cx-boris-goman/AutoPR
Branch: kid
Scan ID: bfaa74de-6358-4edb-a528-1d669bc0863c
A vulnerability was found in juliangruber brace-expansion. It has been rated as problematic. Affected by this issue is the function "expand" of the file "index.js". The manipulation leads to Inefficient Regular Expression complexity. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. This issue affects brace-expansion package versions 1.0.0 through 1.1.11, 2.0.0 through 2.0.1, 3.0.0, 4.0.0. It is recommended to apply a patch to fix this issue.
Additional Info
Attack vector: NETWORK
Attack complexity: HIGH
Remediation Upgrade Recommendation: 1.1.12