CVE-2024-4068 | HIGH | CVSS 7.5 | ≤ 3.0.2 | 2024-05-14
CVE-2024-4068 [HIGH] CWE-1050
The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js`, if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the lo
nvd