npm package
braces
pkg:npm/braces
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-4068 | — | | | < 3.0.3 | 3.0.3 | May 13, 2024 | The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js`, if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program |
| CVE-2018-1109 | — | | | >= 2.2.0, < 2.3.1 | 2.3.1 | Mar 30, 2021 | A vulnerability was found in Braces versions 2.2.0 and above, prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks. |