GHSA-g95f-p29q-9xw4: Duplicate Advisory: Regular Expression Denial of Service in braces

June 6, 2019 (updated February 3, 2026)

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-cwfw-4gq5-mrqx. This link is maintained to preserve external references.

Original Description

Versions of braces prior to 2.3.1 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service.

Recommendation

Upgrade to version 2.3.1 or higher.

References

github.com/advisories/GHSA-g95f-p29q-9xw4
github.com/micromatch/braces/commit/abdafb0cae1e0c00f184abbadc692f4eaa98f451
snyk.io/vuln/npm:braces:20180219
www.npmjs.com/advisories/786

Code Behaviors & Features

Detect and mitigate GHSA-g95f-p29q-9xw4 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →