You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Checkmarx reported vulnerability with one of the dependent libraries (braces@3.0.2).
Category
CWE-400 | Uncontrolled resource consumption
Description
The NPM package "braces" fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In "lib/parse.js," if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.
Steps to reproduce
Run checkmarx scan on any nodejs project with pm2 dependency
Dependency tree
The text was updated successfully, but these errors were encountered:
Checkmarx reported vulnerability with one of the dependent libraries (braces@3.0.2).
Category
CWE-400 | Uncontrolled resource consumption
Description
The NPM package "braces" fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In "lib/parse.js," if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.Steps to reproduce
Run checkmarx scan on any nodejs project with pm2 dependency
Dependency tree
The text was updated successfully, but these errors were encountered: