Regular Expression Denial of Service (ReDoS)
Vulnerable module: braces
Introduced through: bitcoin-unocoin-client@0.3.6
Detailed paths
Introduced through: blockchain-wallet-client@blockchain/My-Wallet-V3#c0bf5615c862fb8d7ec5e3f5031c2998b8ddc690 › bitcoin-unocoin-client@0.3.6 › babel-cli@6.26.0 › chokidar@1.7.0 › anymatch@1.3.2 › micromatch@2.3.11 › braces@1.8.5
Overview
braces is a Bash-like brace expansion, implemented in JavaScript.
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks. It used a regular expression (^{(,+(?:({,+})),|,(?:({,+})),+)}) in order to detects empty braces. This can cause an impact of about 10 seconds matching time for data 50K characters long.
Regular Expression Denial of Service (ReDoS) Vulnerable module: braces Introduced through: bitcoin-unocoin-client@0.3.6 Detailed paths Introduced through: blockchain-wallet-client@blockchain/My-Wallet-V3#c0bf5615c862fb8d7ec5e3f5031c2998b8ddc690 › bitcoin-unocoin-client@0.3.6 › babel-cli@6.26.0 › chokidar@1.7.0 › anymatch@1.3.2 › micromatch@2.3.11 › braces@1.8.5 Overview braces is a Bash-like brace expansion, implemented in JavaScript.
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks. It used a regular expression (^{(,+(?:({,+})),|,(?:({,+})),+)}) in order to detects empty braces. This can cause an impact of about 10 seconds matching time for data 50K characters long.