NodeJS/braces/1.4.0


Bash-like brace expansion, implemented in JavaScript. Safer than other brace expansion libs, with complete support for the Bash 4.3 braces specification, without sacrificing speed.

https://www.npmjs.com/package/braces
MIT

2 Security Vulnerabilities

Regular Expression Denial of Service (ReDoS) in braces

Published date: 2022-01-06T20:42:03Z
CVE: CVE-2018-1109
Links:

A vulnerability was found in Braces versions prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.

Affected versions: ["0.1.0", "0.1.1", "0.1.2", "0.1.4", "0.1.5", "1.0.0", "1.1.0", "1.2.0", "1.3.0", "1.4.0", "1.5.0", "1.5.1", "1.6.0", "1.7.0", "1.8.0", "1.8.1", "1.8.2", "1.8.3", "1.8.4", "1.8.5", "2.0.0", "2.0.1", "2.0.2", "2.0.3", "2.0.4", "2.1.0", "2.1.1", "2.2.0", "2.2.1", "2.2.2", "2.3.0"]
Secure versions: [2.3.1, 2.3.2, 3.0.0, 3.0.1, 3.0.2]
Recommendation: Update to version 3.0.2.

Regular Expression Denial of Service in braces

Published date: 2019-06-06T15:30:30Z
Links:

Versions of braces prior to 2.3.1 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service.

Recommendation

Upgrade to version 2.3.1 or higher.

Affected versions: ["0.1.0", "0.1.1", "0.1.2", "0.1.4", "0.1.5", "1.0.0", "1.1.0", "1.2.0", "1.3.0", "1.4.0", "1.5.0", "1.5.1", "1.6.0", "1.7.0", "1.8.0", "1.8.1", "1.8.2", "1.8.3", "1.8.4", "1.8.5", "2.0.0", "2.0.1", "2.0.2", "2.0.3", "2.0.4", "2.1.0", "2.1.1", "2.2.0", "2.2.1", "2.2.2", "2.3.0"]
Secure versions: [2.3.1, 2.3.2, 3.0.0, 3.0.1, 3.0.2]
Recommendation: Update to version 3.0.2.

36 Other Versions

Version License Security Released
3.0.2 MIT 2019-04-16 - 19:51 almost 5 years
3.0.1 MIT 2019-04-10 - 11:30 almost 5 years
3.0.0 MIT 2019-04-08 - 22:47 almost 5 years
2.3.2 MIT 2018-04-08 - 14:21 almost 6 years
2.3.1 MIT 2018-02-18 - 04:16 about 6 years
2.3.0 MIT 2 2017-10-19 - 13:37 over 6 years
2.2.2 MIT 2 2017-05-31 - 09:56 almost 7 years
2.2.1 MIT 2 2017-05-31 - 01:21 almost 7 years
2.2.0 MIT 2 2017-05-28 - 23:30 almost 7 years
2.1.1 MIT 2 2017-04-27 - 08:10 almost 7 years
2.1.0 MIT 2 2017-04-26 - 22:39 almost 7 years
2.0.4 MIT 2 2017-04-12 - 01:12 almost 7 years
2.0.3 MIT 2 2016-12-11 - 01:13 over 7 years
2.0.2 MIT 2 2016-10-21 - 06:46 over 7 years
2.0.1 MIT 2 2016-10-20 - 21:05 over 7 years
2.0.0 MIT 2 2016-10-20 - 01:32 over 7 years
1.8.5 MIT 2 2016-05-21 - 15:13 almost 8 years
1.8.4 MIT 2 2016-04-20 - 08:24 almost 8 years
1.8.3 MIT 2 2015-12-19 - 23:03 over 8 years
1.8.2 MIT 2 2015-10-19 - 17:46 over 8 years
1.8.1 MIT 2 2015-08-21 - 10:17 over 8 years
1.8.0 MIT 2 2015-03-18 - 11:37 about 9 years
1.7.0 MIT 2 2015-01-31 - 00:24 about 9 years
1.6.0 MIT 2 2015-01-30 - 13:35 about 9 years
1.5.1 MIT 2 2015-01-30 - 13:27 about 9 years
1.5.0 MIT 2 2015-01-28 - 18:08 about 9 years
1.4.0 MIT 2 2015-01-25 - 00:33 about 9 years
1.3.0 MIT 2 2015-01-24 - 11:32 about 9 years
1.2.0 MIT 2 2015-01-16 - 11:55 about 9 years
1.1.0 MIT 2 2015-01-12 - 00:45 about 9 years
1.0.0 MIT 2 2014-12-23 - 11:35 over 9 years
0.1.5 MIT 2 2014-11-24 - 02:08 over 9 years
0.1.4 MIT 2 2014-11-15 - 03:24 over 9 years
0.1.2 MIT 2 2014-10-22 - 18:51 over 9 years
0.1.1 MIT 2 2014-10-22 - 18:19 over 9 years
0.1.0 MIT 2 2014-10-20 - 16:26 over 9 years