micromatch / braces

Faster brace expansion for node.js. Besides being faster, braces is not subject to DoS attacks like minimatch, is more accurate, and has more complete support for Bash 4.3.
https://github.com/jonschlinkert
MIT License

braces Uncontrolled resource consumption #42

Open vtulse opened 1 month ago

vtulse commented 1 month ago

braces Uncontrolled resource consumption

VULNERABILITY | CWE-400 | CVE-2024-4068 | CVSS 7.5 HIGH | SNYK-JS-BRACES-6838727

SCORE 169

Introduced through @ckeditor/ckeditor5-dev-utils@38.4.1

Exploit maturity: PROOF OF CONCEPT

Detailed paths
Introduced through: drupal-ckeditor5@1.0.0 › @ckeditor/ckeditor5-dev-utils@38.4.1 › del@5.1.0 › globby@10.0.2 › fast-glob@3.3.2 › micromatch@4.0.6 › braces@3.0.3
Fix: No remediation path available.

Security information
Factors contributing to the scoring:
Snyk: CVSS 7.5 - High Severity

NVD: Not available. NVD has not yet published its analysis.

Wylwy commented 1 month ago

Is there any forethought to add a fix for this vulnerability in a future patch?