Security Advisories

CVE-2024-4068

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-4068

CGA ID

CGA-jrqh-c82g-rxvm

Severity

7.5

High

CVSS V3

Summary

Uncontrolled resource consumption in braces

Description

The npm package braces fails to limit the number of characters it can handle, which could lead to memory exhaustion. In lib/parse.js, if a malicious user sends "imbalanced braces" as input, the parser enters a loop in which the program keeps allocating heap memory without freeing it at any point. Eventually the JavaScript heap limit is reached and the program crashes.

References

Affected packages


© 2024 Chainguard. All Rights Reserved.