CVE-2018-1109

EPSS 0.36%

Regular Expression Denial of Service (ReDoS) in braces

Published: 1/6/2022Modified: 11/26/2025

Description

A vulnerability was found in Braces versions from v2.2.0 up to but not including v2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks. This has been patched in version 2.3.1.

Affected packages (1)

npm/braces>= 2.2.0, < 2.3.1

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-1109
WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=1547272
WEBhttps://github.com/micromatch/braces/commit/abdafb0cae1e0c00f184abbadc692f4eaa98f451
WEBhttps://snyk.io/vuln/npm:braces:20180219