Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-ynup-8rhy-fbdz

Summary

Duplicate Advisory: Regular Expression Denial of Service in braces
## Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-cwfw-4gq5-mrqx. This link is maintained to preserve external references.

## Original Description
Versions of `braces` prior to 2.3.1 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service.


## Recommendation

Upgrade to version 2.3.1 or higher.

Aliases

alias	GHSA-g95f-p29q-9xw4

alias	GMS-2019-117

Fixed_packages

url pkg:npm/braces@2.3.1

purl pkg:npm/braces@2.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-mssa-dgz3-w7fh

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/braces@2.3.1

Affected_packages

url pkg:npm/braces@0.1.0

purl pkg:npm/braces@0.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2386-f4qn-sbfx

vulnerability	VCID-mssa-dgz3-w7fh

vulnerability	VCID-ynup-8rhy-fbdz

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/braces@0.1.0

url pkg:npm/braces@0.1.1

purl pkg:npm/braces@0.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2386-f4qn-sbfx

vulnerability	VCID-mssa-dgz3-w7fh

vulnerability	VCID-ynup-8rhy-fbdz

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/braces@0.1.1

url pkg:npm/braces@0.1.2

purl pkg:npm/braces@0.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2386-f4qn-sbfx

vulnerability	VCID-mssa-dgz3-w7fh

vulnerability	VCID-ynup-8rhy-fbdz

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/braces@0.1.2

url pkg:npm/braces@0.1.4

purl pkg:npm/braces@0.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2386-f4qn-sbfx

vulnerability	VCID-mssa-dgz3-w7fh

vulnerability	VCID-ynup-8rhy-fbdz

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/braces@0.1.4

url pkg:npm/braces@0.1.5

purl pkg:npm/braces@0.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2386-f4qn-sbfx

vulnerability	VCID-mssa-dgz3-w7fh

vulnerability	VCID-ynup-8rhy-fbdz

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/braces@0.1.5

url pkg:npm/braces@1.0.0

purl pkg:npm/braces@1.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2386-f4qn-sbfx

vulnerability	VCID-mssa-dgz3-w7fh

vulnerability	VCID-ynup-8rhy-fbdz

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/braces@1.0.0

url pkg:npm/braces@1.1.0

purl pkg:npm/braces@1.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2386-f4qn-sbfx

vulnerability	VCID-mssa-dgz3-w7fh

vulnerability	VCID-ynup-8rhy-fbdz

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/braces@1.1.0

url pkg:npm/braces@1.2.0

purl pkg:npm/braces@1.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2386-f4qn-sbfx

vulnerability	VCID-mssa-dgz3-w7fh

vulnerability	VCID-ynup-8rhy-fbdz

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/braces@1.2.0

url pkg:npm/braces@1.3.0

purl pkg:npm/braces@1.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2386-f4qn-sbfx

vulnerability	VCID-mssa-dgz3-w7fh

vulnerability	VCID-ynup-8rhy-fbdz

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/braces@1.3.0

url pkg:npm/braces@1.4.0

purl pkg:npm/braces@1.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2386-f4qn-sbfx

vulnerability	VCID-mssa-dgz3-w7fh

vulnerability	VCID-ynup-8rhy-fbdz

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/braces@1.4.0

url pkg:npm/braces@1.5.0

purl pkg:npm/braces@1.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2386-f4qn-sbfx

vulnerability	VCID-mssa-dgz3-w7fh

vulnerability	VCID-ynup-8rhy-fbdz

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/braces@1.5.0

url pkg:npm/braces@1.5.1

purl pkg:npm/braces@1.5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2386-f4qn-sbfx

vulnerability	VCID-mssa-dgz3-w7fh

vulnerability	VCID-ynup-8rhy-fbdz

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/braces@1.5.1

url pkg:npm/braces@1.6.0

purl pkg:npm/braces@1.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2386-f4qn-sbfx

vulnerability	VCID-mssa-dgz3-w7fh

vulnerability	VCID-ynup-8rhy-fbdz

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/braces@1.6.0

url pkg:npm/braces@1.7.0

purl pkg:npm/braces@1.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2386-f4qn-sbfx

vulnerability	VCID-mssa-dgz3-w7fh

vulnerability	VCID-ynup-8rhy-fbdz

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/braces@1.7.0

url pkg:npm/braces@1.8.0

purl pkg:npm/braces@1.8.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2386-f4qn-sbfx

vulnerability	VCID-mssa-dgz3-w7fh

vulnerability	VCID-ynup-8rhy-fbdz

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/braces@1.8.0

url pkg:npm/braces@1.8.1

purl pkg:npm/braces@1.8.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2386-f4qn-sbfx

vulnerability	VCID-mssa-dgz3-w7fh

vulnerability	VCID-ynup-8rhy-fbdz

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/braces@1.8.1

url pkg:npm/braces@1.8.2

purl pkg:npm/braces@1.8.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2386-f4qn-sbfx

vulnerability	VCID-mssa-dgz3-w7fh

vulnerability	VCID-ynup-8rhy-fbdz

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/braces@1.8.2

url pkg:npm/braces@1.8.3

purl pkg:npm/braces@1.8.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2386-f4qn-sbfx

vulnerability	VCID-mssa-dgz3-w7fh

vulnerability	VCID-ynup-8rhy-fbdz

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/braces@1.8.3

url pkg:npm/braces@1.8.4

purl pkg:npm/braces@1.8.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2386-f4qn-sbfx

vulnerability	VCID-mssa-dgz3-w7fh

vulnerability	VCID-ynup-8rhy-fbdz

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/braces@1.8.4

url pkg:npm/braces@1.8.5

purl pkg:npm/braces@1.8.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2386-f4qn-sbfx

vulnerability	VCID-mssa-dgz3-w7fh

vulnerability	VCID-ynup-8rhy-fbdz

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/braces@1.8.5

url pkg:npm/braces@2.0.0

purl pkg:npm/braces@2.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2386-f4qn-sbfx

vulnerability	VCID-mssa-dgz3-w7fh

vulnerability	VCID-ynup-8rhy-fbdz

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/braces@2.0.0

url pkg:npm/braces@2.0.1

purl pkg:npm/braces@2.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2386-f4qn-sbfx

vulnerability	VCID-mssa-dgz3-w7fh

vulnerability	VCID-ynup-8rhy-fbdz

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/braces@2.0.1

url pkg:npm/braces@2.0.2

purl pkg:npm/braces@2.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2386-f4qn-sbfx

vulnerability	VCID-mssa-dgz3-w7fh

vulnerability	VCID-ynup-8rhy-fbdz

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/braces@2.0.2

url pkg:npm/braces@2.0.3

purl pkg:npm/braces@2.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2386-f4qn-sbfx

vulnerability	VCID-mssa-dgz3-w7fh

vulnerability	VCID-ynup-8rhy-fbdz

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/braces@2.0.3

url pkg:npm/braces@2.0.4

purl pkg:npm/braces@2.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2386-f4qn-sbfx

vulnerability	VCID-mssa-dgz3-w7fh

vulnerability	VCID-ynup-8rhy-fbdz

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/braces@2.0.4

url pkg:npm/braces@2.1.0

purl pkg:npm/braces@2.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2386-f4qn-sbfx

vulnerability	VCID-mssa-dgz3-w7fh

vulnerability	VCID-ynup-8rhy-fbdz

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/braces@2.1.0

url pkg:npm/braces@2.1.1

purl pkg:npm/braces@2.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2386-f4qn-sbfx

vulnerability	VCID-mssa-dgz3-w7fh

vulnerability	VCID-ynup-8rhy-fbdz

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/braces@2.1.1

url pkg:npm/braces@2.2.0

purl pkg:npm/braces@2.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2386-f4qn-sbfx

vulnerability	VCID-mssa-dgz3-w7fh

vulnerability	VCID-ynup-8rhy-fbdz

vulnerability	VCID-zfmv-3d1v-qye6

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/braces@2.2.0

url pkg:npm/braces@2.2.1

purl pkg:npm/braces@2.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2386-f4qn-sbfx

vulnerability	VCID-mssa-dgz3-w7fh

vulnerability	VCID-ynup-8rhy-fbdz

vulnerability	VCID-zfmv-3d1v-qye6

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/braces@2.2.1

url pkg:npm/braces@2.2.2

purl pkg:npm/braces@2.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2386-f4qn-sbfx

vulnerability	VCID-mssa-dgz3-w7fh

vulnerability	VCID-ynup-8rhy-fbdz

vulnerability	VCID-zfmv-3d1v-qye6

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/braces@2.2.2

url pkg:npm/braces@2.3.0

purl pkg:npm/braces@2.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2386-f4qn-sbfx

vulnerability	VCID-mssa-dgz3-w7fh

vulnerability	VCID-ynup-8rhy-fbdz

vulnerability	VCID-zfmv-3d1v-qye6

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/braces@2.3.0

References

reference_url

https://github.com/micromatch/braces/commit/abdafb0cae1e0c00f184abbadc692f4eaa98f451

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/micromatch/braces/commit/abdafb0cae1e0c00f184abbadc692f4eaa98f451

reference_url

https://snyk.io/vuln/npm:braces:20180219

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/npm:braces:20180219

reference_url

https://www.npmjs.com/advisories/786

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://www.npmjs.com/advisories/786

reference_url

https://github.com/advisories/GHSA-g95f-p29q-9xw4

reference_id

GHSA-g95f-p29q-9xw4

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-g95f-p29q-9xw4

Weaknesses

cwe_id	185
name	Incorrect Regular Expression
description	The product specifies a regular expression in a way that causes data to be improperly matched or compared.

cwe_id	400
name	Uncontrolled Resource Consumption
description	The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 0.1 - 3.7

Exploitability 0.5

Weighted_severity 3.3

Risk_score 1.6

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ynup-8rhy-fbdz

Vulnerability Instance