CVE-2018-1109

Опубликовано: 30 мар. 2021

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

A vulnerability was found in Braces versions 2.2.0 and above, prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.

Ссылки

https://bugzilla.redhat.com/show_bug.cgi?id=1547272
Issue Tracking
Patch
Third Party Advisory
https://snyk.io/vuln/npm:braces:20180219
Exploit
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1547272
Issue Tracking
Patch
Third Party Advisory
https://snyk.io/vuln/npm:braces:20180219
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:braces_project:braces:*:*:*:*:*:node.js:*:*

Версия до 2.3.1 (исключая)

EPSS

Процентиль: 57%

0.00357

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-185

CWE-400

Связанные уязвимости

CVE-2018-1109

CVSS3: 5.3

ubuntu

почти 5 лет назад

A vulnerability was found in Braces versions 2.2.0 and above, prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.

CVE-2018-1109

CVSS3: 4

redhat

почти 8 лет назад

A vulnerability was found in Braces versions prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.

CVE-2018-1109

CVSS3: 5.3

debian

почти 5 лет назад

A vulnerability was found in Braces versions 2.2.0 and above, prior to ...

GHSA-cwfw-4gq5-mrqx

github

около 4 лет назад

Regular Expression Denial of Service (ReDoS) in braces

BDU:2021-02845

CVSS3: 5.3

fstec

почти 8 лет назад

Уязвимость пакета Braces пакетного менеджера NPM, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 57%

0.00357

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-185

CWE-400