GHSA-cwfw-4gq5-mrqx

Опубликовано: 06 янв. 2022

Источник: github

Github: Прошло ревью

Описание

Regular Expression Denial of Service (ReDoS) in braces

A vulnerability was found in Braces versions from v2.2.0 up to but not including v2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks. This has been patched in version 2.3.1.

Ссылки

Пакеты

Наименование

braces

npm

Затронутые версииВерсия исправления

>= 2.2.0, < 2.3.1

2.3.1

EPSS

Процентиль: 57%

0.00357

Низкий

CVE ID

CVE-2018-1109

Дефекты

CWE-400

Связанные уязвимости

CVE-2018-1109

CVSS3: 5.3

ubuntu

почти 5 лет назад

A vulnerability was found in Braces versions 2.2.0 and above, prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.

CVE-2018-1109

CVSS3: 4

redhat

почти 8 лет назад

A vulnerability was found in Braces versions prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.

CVE-2018-1109

CVSS3: 5.3

nvd

почти 5 лет назад

A vulnerability was found in Braces versions 2.2.0 and above, prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.