Search for packages
| purl | pkg:npm/braces@2.0.2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2386-f4qn-sbfx
Aliases: GMS-2019-5 |
Regular Expression Denial of Service Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service. |
Affected by 1 other vulnerability. |
|
VCID-mssa-dgz3-w7fh
Aliases: CVE-2024-4068 GHSA-grv7-fg5c-xmjg |
Uncontrolled resource consumption in braces The NPM package `braces` fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash. |
Affected by 0 other vulnerabilities. |
|
VCID-ynup-8rhy-fbdz
Aliases: GHSA-g95f-p29q-9xw4 GMS-2019-117 |
Duplicate Advisory: Regular Expression Denial of Service in braces ## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-cwfw-4gq5-mrqx. This link is maintained to preserve external references. ## Original Description Versions of `braces` prior to 2.3.1 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service. ## Recommendation Upgrade to version 2.3.1 or higher. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||