Severity: low

Regular Expression Denial of Service

braces

Overview

Versions of braces prior to 2.3.1 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can make the application unresponsive, leading to Denial of Service.

Remediation

Upgrade to version 2.3.1 or higher.
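
To find where an affected copy is installed, including copies nested under other packages, the lockfile can be scanned for braces entries below 2.3.1. The following is an added example, not part of the advisory or of the braces project; the function names and the sample lockfile contents are constructed for illustration.

```javascript
// Constructed example: report braces installs older than 2.3.1 in an npm lockfile.
const FIXED = [2, 3, 1]; // first fixed version per the advisory

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.exec(String(v));
  return m ? [Number(m[1]), Number(m[2]), Number(m[3]), Boolean(m[4])] : null;
}

function isVulnerable(version) {
  const p = parseVersion(version);
  if (!p) return true; // git URL, tarball, missing: flag for manual review
  for (let i = 0; i < 3; i++) {
    if (p[i] !== FIXED[i]) return p[i] < FIXED[i];
  }
  return p[3]; // a prerelease such as 2.3.1-rc.1 sorts before 2.3.1
}

function findVulnerableBraces(lock) {
  const hits = new Map(); // keyed by install path, so v2 files are not double-counted
  const check = (path, meta) => {
    if (isVulnerable(meta.version)) hits.set(path, meta.version);
  };
  // lockfileVersion 2/3: flat "packages" map keyed by install path
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/braces$/.test(path)) check(path, meta);
  }
  // lockfileVersion 1: nested "dependencies" tree
  (function walk(deps, prefix) {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = prefix + "node_modules/" + name;
      if (name === "braces") check(path, meta);
      walk(meta.dependencies, path + "/");
    }
  })(lock.dependencies, "");
  return [...hits].map(([path, version]) => ({ path, version }));
}

// Constructed lockfile fragment (versions chosen for illustration)
const sampleLock = {
  packages: {
    "node_modules/braces": { version: "3.0.2" },
    "node_modules/micromatch/node_modules/braces": { version: "2.3.0" },
  },
  dependencies: {
    braces: { version: "3.0.2" },
    micromatch: { version: "3.1.10", dependencies: { braces: { version: "2.3.0" } } },
  },
};
console.log(findVulnerableBraces(sampleLock));
```

In a real project, pass the parsed contents of package-lock.json instead of sampleLock. Entries whose version cannot be parsed are reported so they can be checked by hand.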


Advisory timeline

  1. Advisory published: Feb 15th, 2019
  2. Reported by Santosh Rao: Feb 15th, 2019