CVE-2018-1109

2021-03-3001:52:55

CWE-185

redhat

www.cve.org

vulnerability

braces

regular expression denial of service

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

45.7%

JSON

A vulnerability was found in Braces versions prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.

CNA Affected

[
  {
    "product": "nodejs-braces",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "braces 2.3.1"
      }
    ]
  }
]