Fix CVE–2018–1109

[debricked]

CVE–2018–1109

Vulnerable dependency:     braces (Yarn)    1.8.5    0.1.5

Vulnerability details

Description

Uncontrolled Resource Consumption

The software does not properly control the allocation and maintenance of a limited resource thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

NVD

A vulnerability was found in Braces versions prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.

GitHub

Regular Expression Denial of Service (ReDoS) in braces

A vulnerability was found in Braces versions prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.

CVSS details - 5.3

 

CVSS3 metrics
Attack Vector	Network
Attack Complexity	Low
Privileges Required	None
User interaction	None
Scope	Unchanged
Confidentiality	None
Integrity	None
Availability	Low

References

    NVD - CVE-2018-1109
    1547272 – (CVE-2018-1109) CVE-2018-1109 nodejs-braces: Regular Expression Denial of Service (ReDoS) in lib/parsers.js
    handle edge case · micromatch/braces@dcc1aca · GitHub
    optimize regex · micromatch/braces@abdafb0 · GitHub
    Regular Expression Denial of Service (ReDoS) in braces · CVE-2018-1109 · GitHub Advisory Database · GitHub

 

Related information

📌 Remember! Check the changes to ensure they don't introduce any breaking changes.
📚 Read more about the CVE