JOC - JS7 Operations Center: JOC-2123

Upgrade brace-expansion to 4.0.1 due to 3rd party vulnerability CVE-2025-5889


Details

    • Type: Fix
    • Status: Released
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.7.5
    • Fix Version/s: 2.5.12, 2.7.6
    • CVE-2025-5889

    Description

      Current Situation

      Currently JS7 JOC Cockpit ships with brace-expansion 2.0.1, which is affected by CVE-2025-5889.

      We rate the impact on our software as low: the vulnerability would only be exploitable if untrusted user input were passed into brace pattern expansion, and file matching and path expansion in JOC Cockpit are handled internally without making use of brace patterns.

      Desired Behavior

      JS7 should use brace-expansion version 4.0.1 which solves the issue.
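The upgrade is only complete if no older copy of brace-expansion survives as a nested dependency of another package. The following is an added example, not JS7 or JOC Cockpit code: it walks the packages map of an npm lockfile and flags every brace-expansion entry below 4.0.1, the fixed version this ticket names. The lockfile contents, package names and the auditPackage/compareSemver helpers are constructed for illustration.

```javascript
// Added example (not part of JOC-2123 or of JS7): audit an npm lockfile
// (lockfileVersion 2/3 "packages" map) for every installed copy of a package,
// nested node_modules copies included, and flag those below a fixed version.

// Parse "MAJOR.MINOR.PATCH" (pre-release/build suffixes are ignored here).
function parseSemver(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Comparator: negative if a < b, zero if equal, positive if a > b.
function compareSemver(a, b) {
  const pa = parseSemver(a), pb = parseSemver(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// lock: parsed package-lock.json object. Returns one finding per installed copy.
function auditPackage(lock, pkgName, fixedVersion) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/foo" or "node_modules/a/node_modules/foo".
    if (!path.endsWith(`node_modules/${pkgName}`) || !entry.version) continue;
    findings.push({
      path,
      version: entry.version,
      vulnerable: compareSemver(entry.version, fixedVersion) < 0,
    });
  }
  return findings;
}

// Constructed sample lockfile: the top-level copy was upgraded to 4.0.1,
// but a dependency still pins its own nested copy at the affected 2.0.1.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "sample-app", version: "0.0.0" },
    "node_modules/brace-expansion": { version: "4.0.1" },
    "node_modules/some-dep": { version: "1.0.0" },
    "node_modules/some-dep/node_modules/brace-expansion": { version: "2.0.1" },
  },
};

for (const f of auditPackage(SAMPLE_LOCK, "brace-expansion", "4.0.1")) {
  console.log(`${f.path}@${f.version}: ${f.vulnerable ? "below fixed version" : "ok"}`);
}
```

The floor of 4.0.1 is the fix version named in this ticket; if a different release line of the package is patched upstream, give that line its own floor rather than relying on this single comparison.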

          People

            Rahul Patidar
            Santiago Aucejo Petzoldt
            Ajay Kumbhkar