Overview
Versions of braces prior to 2.3.1 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can make the application unresponsive, leading to Denial of Service.
Remediation
Upgrade to version 2.3.1 or higher.
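braces is usually installed as a transitive dependency, so an affected copy can sit nested under another package. The following added example (not part of the advisory or of npm's tooling) scans a parsed package-lock.json for braces entries below 2.3.1; the function names are illustrative and the lockfile shown is a constructed sample.

```javascript
// Added example: list installed copies of braces older than 2.3.1 in a lockfile.
const FIXED = [2, 3, 1]; // first patched version, per the advisory

// Parse "major.minor.patch"; prerelease/build suffixes are ignored (simplification).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1, 4).map(Number) : null;
}

function isVulnerable(version) {
  const v = parseVersion(version);
  if (!v) return false; // unparseable, e.g. an entry without a version field
  for (let i = 0; i < 3; i++) {
    if (v[i] !== FIXED[i]) return v[i] < FIXED[i];
  }
  return false; // exactly 2.3.1
}

// Lockfile v1: nested "dependencies" tree.
function walkV1(deps, prefix, hits) {
  for (const [name, meta] of Object.entries(deps || {})) {
    const path = `${prefix}node_modules/${name}`;
    if (name === 'braces' && isVulnerable(meta.version)) hits.push({ path, version: meta.version });
    walkV1(meta.dependencies, `${path}/`, hits);
  }
}

// Lockfile v2/v3: flat "packages" map keyed by install path.
function findVulnerableBraces(lock) {
  const hits = [];
  if (!lock.packages) { walkV1(lock.dependencies, '', hits); return hits; }
  for (const [path, meta] of Object.entries(lock.packages)) {
    const isBraces = path === 'node_modules/braces' || path.endsWith('/node_modules/braces');
    if (isBraces && isVulnerable(meta.version)) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample lockfile (not from a real project).
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/braces': { version: '3.0.2' },
    'node_modules/micromatch/node_modules/braces': { version: '2.3.0' },
    'node_modules/expand-braces/node_modules/braces': { version: '0.1.5' },
  },
};
console.log(findVulnerableBraces(sampleLock));
```

To check a real project, pass the result of JSON.parse on its package-lock.json to findVulnerableBraces; each reported path shows which parent package pulls in the old copy.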
Advisory timeline
Advisory Published: Feb 15th, 2019
Reported by Santosh Rao: Feb 15th, 2019