​
DirectorySecurity Advisories
Sign In
Security Advisories

CGA-g3x5-7mr7-wr8m

Published

Last updated

https://images.chainguard.dev/security/CGA-g3x5-7mr7-wr8m
Package

opensearch-dashboards-2-fips

Latest Update
Fixed
Fixed Version

2.15.0-r0

Aliases
  • CVE-2024-4068
  • GHSA-grv7-fg5c-xmjg

Severity

7.5

High

CVSS V3

Summary

Uncontrolled resource consumption in braces

Description

The NPM package braces fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In lib/parse.js, if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.

References

Updates


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images