OESA-2025-1645

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1645

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2025-1645.json

JSON Data

https://api.osv.dev/v1/vulns/OESA-2025-1645

Upstream

CVE-2025-5889

Published

2025-06-20T13:26:24Z

Modified

2025-09-03T06:31:43.906845Z

Summary

nodejs-brace-expansion security update

Details

Brace expansion as known from sh/bash

Security Fix(es):

A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.1.12, 2.0.2, 3.0.1 and 4.0.1 is able to address this issue. The name of the patch is a5b98a4f30d7813266b221435e1eaaf25a1b0ac5. It is recommended to upgrade the affected component.(CVE-2025-5889)

Database specific

{
    "severity": "Low"
}

References

Affected packages

openEuler:20.03-LTS-SP4

nodejs-brace-expansion

Package

Name: nodejs-brace-expansion
Purl: pkg:rpm/openEuler/nodejs-brace-expansion&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.11-2.oe2003sp4

Ecosystem specific

{
    "src": [
        "nodejs-brace-expansion-1.1.11-2.oe2003sp4.src.rpm"
    ],
    "noarch": [
        "nodejs-brace-expansion-1.1.11-2.oe2003sp4.noarch.rpm"
    ]
}

openEuler:22.03-LTS-SP3

nodejs-brace-expansion

Package

Name: nodejs-brace-expansion
Purl: pkg:rpm/openEuler/nodejs-brace-expansion&distro=openEuler-22.03-LTS-SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.11-2.oe2203sp3

Ecosystem specific

{
    "src": [
        "nodejs-brace-expansion-1.1.11-2.oe2203sp3.src.rpm"
    ],
    "noarch": [
        "nodejs-brace-expansion-1.1.11-2.oe2203sp3.noarch.rpm"
    ]
}

openEuler:22.03-LTS-SP4

nodejs-brace-expansion

Package

Name: nodejs-brace-expansion
Purl: pkg:rpm/openEuler/nodejs-brace-expansion&distro=openEuler-22.03-LTS-SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.11-2.oe2203sp4

Ecosystem specific

{
    "src": [
        "nodejs-brace-expansion-1.1.11-2.oe2203sp4.src.rpm"
    ],
    "noarch": [
        "nodejs-brace-expansion-1.1.11-2.oe2203sp4.noarch.rpm"
    ]
}

openEuler:24.03-LTS

nodejs-brace-expansion

Package

Name: nodejs-brace-expansion
Purl: pkg:rpm/openEuler/nodejs-brace-expansion&distro=openEuler-24.03-LTS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.11-4.oe2403sp1

Ecosystem specific

{
    "src": [
        "nodejs-brace-expansion-1.1.11-4.oe2403.src.rpm",
        "nodejs-brace-expansion-1.1.11-4.oe2403sp1.src.rpm"
    ],
    "noarch": [
        "nodejs-brace-expansion-1.1.11-4.oe2403.noarch.rpm",
        "nodejs-brace-expansion-1.1.11-4.oe2403sp1.noarch.rpm"
    ]
}

openEuler:24.03-LTS-SP1

nodejs-brace-expansion

Package

Name: nodejs-brace-expansion
Purl: pkg:rpm/openEuler/nodejs-brace-expansion&distro=openEuler-24.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.11-4.oe2403sp1

Ecosystem specific

{
    "src": [
        "nodejs-brace-expansion-1.1.11-4.oe2403sp1.src.rpm"
    ],
    "noarch": [
        "nodejs-brace-expansion-1.1.11-4.oe2403sp1.noarch.rpm"
    ]
}