Myvyang

Name of the Vulnerable Software and Affected Versions: brace-expansion versions prior to 1.1.7 Description: The issue concerns a Regular Expression Denial of Service (ReDoS) condition. It can be triggered by an expand argument containing many comma characters. There is a proof of concept demonstrating the vulnerability using the `expand` function from the `brace-expansion` module with an argument containing numerous comma characters. Recommendations: Update to version 1.1.7 or later. As a temporary workaround, consider restricting the use of the `expand` function with arguments containing many comma characters until a patch is available.

**Name of the Vulnerable Software and Affected Versions** qs versions prior to 6.0.4 qs versions prior to 6.1.2 qs versions prior to 6.2.3 qs versions prior to 6.3.2 **Description** The issue allows a malicious user to send a request that can cause the web framework to crash, resulting in a Denial of Service. This is due to the `qs.parse` function failing to properly prevent an object's prototype from being altered when parsing arbitrary input. Input containing `[` or `]` may bypass the prototype pollution protection and alter the Object prototype, allowing attackers to override properties that will exist in all objects. This may lead to Remote Code Execution in specific circumstances. **Recommendations** Upgrade to version 6.0.4 or later. Upgrade to version 6.1.2 or later. Upgrade to version 6.2.3 or later. Upgrade to version 6.3.2 or later.