CVE-2018-1109

5.3 MEDIUM
Published: March 30, 2021 Modified: December 01, 2025

Description

A vulnerability was found in Braces versions 2.2.0 and above, prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.

CVSS v3.x Details

Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References to Advisories, Solutions, and Tools

https://bugzilla.redhat.com/show_bug.cgi?id=1547272
Source: secalert@redhat.com
Issue Tracking Patch Third Party Advisory
https://snyk.io/vuln/npm:braces:20180219
Source: secalert@redhat.com
Exploit Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1547272
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking Patch Third Party Advisory
https://snyk.io/vuln/npm:braces:20180219
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory

4 reference(s) from NVD

Quick Stats

CVSS v3 Score
5.3 / 10.0
EPSS (Exploit Probability)
0.4%
57th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

Affected Vendors

braces_project