Regular Expression Denial of Servicebraces
braces prior to 2.3.1 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service.
Upgrade to version 2.3.1 or higher.
publishedAdvisory PublishedFeb 15th, 2019
reportedReported by Santosh RaoFeb 15th, 2019