Blackduck security issue reported for braces 3.0.2 that is coming from react-scripts #13587
Unanswered
sasimarudhuri asked this question in General
Replies: 0 comments
Blackduck security issue (High) reported for braces 3.0.2, which is coming from react-scripts 5.0.1, which is already the new version. Is there any update on fixing this issue in coming releases?
Issue Description: The braces NPM package is vulnerable to denial-of-service (DoS) via memory exhaustion due to lack of any restriction on the number of input characters it processes. An application that uses the library and accepts remote user input may be susceptible to the attack via a payload containing a large number of "imbalanced braces" (`{` characters).
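To confirm which dependency path installs the flagged braces version, the following added example (not part of the original post and not react-scripts code) walks the `packages` map of an npm `package-lock.json`. It assumes lockfileVersion 2 or 3; the lockfile is constructed for the example and `tool-a` and `tool-b` are hypothetical intermediate packages.

```javascript
// Added example. Constructed lockfile (lockfileVersion 3 layout); tool-a and tool-b are hypothetical.
const sampleLock = {
  packages: {
    "": { name: "my-app", version: "0.1.0", dependencies: { "react-scripts": "5.0.1" } },
    "node_modules/react-scripts": { version: "5.0.1", dependencies: { "tool-a": "^1.0.0", "tool-b": "^2.0.0" } },
    "node_modules/tool-a": { version: "1.0.0", dependencies: { braces: "^3.0.2" } },
    "node_modules/tool-b": { version: "2.0.0", dependencies: { braces: "^2.3.1" } },
    "node_modules/braces": { version: "3.0.2" },
    "node_modules/tool-b/node_modules/braces": { version: "2.3.2" },
  },
};
const PREFIX = "node_modules/";
const nameOf = (pkgs, p) => (p ? p.slice(p.lastIndexOf(PREFIX) + PREFIX.length) : pkgs[""].name || "(root)");

// Resolve `name` as Node does from the package at `fromPath`: nearest node_modules first, then upward.
function resolveDep(pkgs, fromPath, name) {
  for (let base = fromPath; ; ) {
    const candidate = (base ? base + "/" : "") + PREFIX + name;
    if (pkgs[candidate]) return candidate;
    if (!base) return null;
    const cut = base.lastIndexOf("/" + PREFIX);
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Breadth-first walk from the root project; returns one shortest chain per installed copy of target@version.
function findChains(lock, target, version) {
  const pkgs = lock.packages || {};
  if (!pkgs[""]) return [];
  const parent = new Map([["", null]]);
  const queue = [""];
  while (queue.length) {
    const path = queue.shift();
    const e = pkgs[path];
    const deps = { ...e.dependencies, ...e.devDependencies, ...e.optionalDependencies };
    for (const name of Object.keys(deps)) {
      const next = resolveDep(pkgs, path, name);
      if (next && !parent.has(next)) { parent.set(next, path); queue.push(next); }
    }
  }
  const chains = [];
  for (const path of parent.keys()) {
    if (!path || nameOf(pkgs, path) !== target || pkgs[path].version !== version) continue;
    const chain = [];
    for (let p = path; p !== null; p = parent.get(p)) chain.unshift(`${nameOf(pkgs, p)}@${pkgs[p].version}`);
    chains.push(chain);
  }
  return chains;
}
console.log(findChains(sampleLock, "braces", "3.0.2").map((c) => c.join(" > ")).join("\n"));
```

On a real project, replace `sampleLock` with the parsed contents of the project's own `package-lock.json`; nested copies at other versions are reported separately, so the scanner finding can be matched to the exact install path.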