Debian Node-Braces vulnerabilities
2 known vulnerabilities affecting debian/node-braces.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, LOW 1
Vulnerabilities
CVE-2024-4068 | HIGH | CVSS 7.5 | fixed in node-braces 3.0.3+~3.0.4-1 (forky) | 2024
CVE-2024-4068 [HIGH]: node-braces
The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to memory exhaustion. In `lib/parse.js`, if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventual
debian
CVE-2018-1109 | LOW | CVSS 5.3 | 2018
CVE-2018-1109 [MEDIUM]: node-braces
A vulnerability was found in Braces versions 2.2.0 and above, prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian