CVE-2018-1109

EPSS 0.36%

Regular Expression Denial of Service (ReDoS) in braces

發布日:2022/1/6修改日:2025/11/26

描述

A vulnerability was found in Braces versions from v2.2.0 up to but not including v2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks. This has been patched in version 2.3.1.

受影響套件(1)

npm/braces>= 2.2.0, < 2.3.1

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-1109
WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=1547272
WEBhttps://github.com/micromatch/braces/commit/abdafb0cae1e0c00f184abbadc692f4eaa98f451
WEBhttps://snyk.io/vuln/npm:braces:20180219