Security Advisories

CVE-2024-4068

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-4068

CGA ID

CGA-wr9w-hw24-rqg5

Severity

Unknown

Description

The npm package braces, in versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to memory exhaustion. In lib/parse.js, if a malicious user sends "imbalanced braces" as input, the parser enters a loop in which the program keeps allocating heap memory without ever freeing it. Eventually the JavaScript heap limit is reached and the program crashes.

References

Affected packages


© 2025 Chainguard. All Rights Reserved.