CVE-2018-1109: Uncontrolled Resource Consumption

January 6, 2022

A vulnerability was found in Braces versions prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.

References

bugzilla.redhat.com/show_bug.cgi?id=1547272
github.com/advisories/GHSA-cwfw-4gq5-mrqx
github.com/micromatch/braces/commit/abdafb0cae1e0c00f184abbadc692f4eaa98f451
nvd.nist.gov/vuln/detail/CVE-2018-1109
snyk.io/vuln/npm:braces:20180219

Detect and mitigate CVE-2018-1109 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →