Braces Project Braces vulnerabilities
2 known vulnerabilities affecting braces_project/braces.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2024-4068 | HIGH | ≥ 0, < 3.0.3 | 2024-05-14
CVE-2024-4068 [HIGH] CWE-1050 Uncontrolled resource consumption in braces
The NPM package `braces` fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js`, if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached,
GHSA, OSV
CVE-2018-1109 | MEDIUM | CVSS 5.3 | fixed in 2.3.1 | 2021-03-30
CVE-2018-1109 [MEDIUM] CWE-185
A vulnerability was found in Braces versions 2.2.0 and above, prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.
GHSA, NVD, OSV