Blackduck security issue reported for braces 3.0.2 that is coming from react-scripts #13587
              
Unanswered
sasimarudhuri asked this question in General
Replies: 0 comments
Blackduck security issue (High) reported for braces 3.0.2, which is coming from react-scripts 5.0.1, which is already the new version. Is there any update on fixing this issue in coming releases?
Issue Description: The braces NPM package is vulnerable to denial-of-service (DoS) via memory exhaustion due to lack of any restriction on the number of input characters it processes. An application that uses the library and accepts remote user input may be susceptible to the attack via a payload containing a large number of "imbalanced braces", { characters.