Severity: low

Regular Expression Denial of Service



Versions of `braces` prior to 2.3.1 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can make the application unresponsive, leading to Denial of Service.


Upgrade to version 2.3.1 or higher.



Advisory timeline

  1. published

    Advisory Published
    Feb 15th, 2019
  2. reported

    Reported by Santosh Rao
    Feb 15th, 2019