AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-30T10:16:34.560Z and has not been modified since then. The NVD entry is currently Deferred. This denial of service vulnerability affects brace-expansion through 5.0.6, allowing an attacker to cause significant CPU consumption and event-loop blocking by passing a crafted string to expand(), directly [truncated]
A vulnerability in the brace-expansion library (versions 5.0.0 to before 5.0.6) allows uncontrolled resource consumption when processing large numeric range patterns. The library's max option, intended to limit output size, is applied too late in the expansion process. When expanding a pattern like {1..10000000}, the library generates all 10 million intermediate elements before enforcing the limit, causin [truncated]