[CVE-2024-4068] Uncontrolled resource consumption found in braces (non-issue, see comments) #2203

promaldowski15 · 2024-05-14T10:43:25Z

Snyk reported a vulnerability in the nodemon 3.1.0 dependency.

Issues with no direct upgrade or patch:
11:08:29 ✗ Uncontrolled resource consumption [High Severity][https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727] in braces@3.0.2
11:08:29 introduced by nodemon@3.1.0 > chokidar@3.5.3 > braces@3.0.2
11:08:29 No upgrade or patch available

https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727

remy · 2024-05-19T09:26:43Z

See here for details (and frankly I fully support this stand):

paulmillr/chokidar#1314

Going to lock, edit and keep open.

remy · 2024-05-19T09:27:25Z

I'll close once it's closed off, or dies, upstream.

remy · 2024-05-29T08:18:04Z

Closing (unplanned/non-issue) - again, you can follow conversations upstream.

remy added the false security report label May 19, 2024

remy changed the title ~~[CVE-2024-4068] Uncontrolled resource consumption found in braces~~ [CVE-2024-4068] Uncontrolled resource consumption found in braces (non-issue, see comments) May 19, 2024

Repository owner locked as resolved and limited conversation to collaborators May 19, 2024

remy closed this as completed May 29, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[CVE-2024-4068] Uncontrolled resource consumption found in braces (non-issue, see comments) #2203

[CVE-2024-4068] Uncontrolled resource consumption found in braces (non-issue, see comments) #2203

promaldowski15 commented May 14, 2024

remy commented May 19, 2024

remy commented May 19, 2024

remy commented May 29, 2024

[CVE-2024-4068] Uncontrolled resource consumption found in braces (non-issue, see comments) #2203

[CVE-2024-4068] Uncontrolled resource consumption found in braces (non-issue, see comments) #2203

Comments

promaldowski15 commented May 14, 2024

remy commented May 19, 2024

remy commented May 19, 2024

remy commented May 29, 2024