braces

npm2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting bracespage 1 of 1

CVE-2018-1109MEDIUMCVSS 5.3EG 5.3✓ Fixed in 2.3.1
2021-03-30
A vulnerability was found in Braces versions 2.2.0 and above, prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.
CVE-2024-4068HIGHCVSS 7.5EG 7.5✓ Fixed in 3.0.3
2024-05-14
The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends "imbalanced braces" as input, the parsing will en…

Check whether braces is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for braces CVEs against the assets you own.

Start Free Scan →