GHSA-g95f-p29q-9xw4

Опубликовано: 06 июн. 2019

Источник: github

Github: Прошло ревью

CVSS3: 3.7

Описание

Duplicate Advisory: Regular Expression Denial of Service in braces

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-cwfw-4gq5-mrqx. This link is maintained to preserve external references.

Original Description

Versions of braces prior to 2.3.1 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service.

Recommendation

Upgrade to version 2.3.1 or higher.

Ссылки

https://github.com/micromatch/braces/commit/abdafb0cae1e0c00f184abbadc692f4eaa98f451
https://snyk.io/vuln/npm:braces:20180219
https://www.npmjs.com/advisories/786

Пакеты

Наименование

braces

npm

Затронутые версииВерсия исправления

< 2.3.1

2.3.1

3.7 Low

CVSS3

Дефекты

CWE-185

CWE-400

3.7 Low

CVSS3

Дефекты

CWE-185

CWE-400