    Severity: low

    Regular Expression Denial of Service

    braces

    Overview

    Versions of braces prior to 2.3.1 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can make the application unresponsive, leading to a denial of service.

    Remediation

    Upgrade to version 2.3.1 or higher.


    Advisory timeline

    1. published

      Advisory Published
      Feb 15th, 2019
    2. reported

      Reported by Santosh Rao
      Feb 15th, 2019