GHSA-cwfw-4gq5-mrqx

Source
https://github.com/advisories/GHSA-cwfw-4gq5-mrqx
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-cwfw-4gq5-mrqx/GHSA-cwfw-4gq5-mrqx.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-cwfw-4gq5-mrqx
Aliases
  • CVE-2018-1109
Published
2022-01-06T20:42:03Z
Modified
2025-11-26T17:32:10.727937Z
Summary
Regular Expression Denial of Service (ReDoS) in braces
Details

A vulnerability was found in Braces versions from v2.2.0 up to but not including v2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks. This has been patched in version 2.3.1.

Database specific
{
    "nvd_published_at": "2021-03-30T02:15:00Z",
    "cwe_ids": [
        "CWE-400"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2021-03-31T21:35:00Z"
}

Affected packages

npm / braces

Package

Affected ranges

Type
SEMVER
Events
Introduced
2.2.0
Fixed
2.3.1

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-cwfw-4gq5-mrqx/GHSA-cwfw-4gq5-mrqx.json"