You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
SCA Alerts:
The NPM package "braces" fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In "lib/parse.js," if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.
Reproduction
Run checkmarx scan
System Info
Cxab55612e-3a56 | Uncontrolled resource consumption
Used Package Manager
yarn
Expected Behavior
Scan without any error.
Actual Behavior
SCA Alerts:
The NPM package "braces" fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In "lib/parse.js," if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.
More details:
https://devhub.checkmarx.com/cve-details/Cxab55612e-3a56/
The text was updated successfully, but these errors were encountered: