The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.
Metrics
Affected Vendors & Products
References
History
Fri, 13 Dec 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat rhboac Hawtio
|
|
CPEs | cpe:/a:redhat:rhboac_hawtio:4.0.0 | |
Vendors & Products |
Redhat rhboac Hawtio
|
Mon, 11 Nov 2024 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat multicluster Engine
|
|
CPEs | cpe:/a:redhat:acm:2.9::el8 cpe:/a:redhat:multicluster_engine:2.4::el8 cpe:/a:redhat:multicluster_engine:2.5::el8 |
|
Vendors & Products |
Redhat multicluster Engine
|
Sat, 09 Nov 2024 02:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat acm
|
|
CPEs | cpe:/a:redhat:acm:2.10::el9 | |
Vendors & Products |
Redhat acm
|
Wed, 06 Nov 2024 10:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Micromatch
Micromatch braces |
|
CPEs | cpe:2.3:a:micromatch:braces:3.0.3:*:*:*:*:*:*:* | |
Vendors & Products |
Micromatch
Micromatch braces |
|
Metrics |
ssvc
|
Wed, 16 Oct 2024 02:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat jboss Enterprise Application Platform
|
|
CPEs | cpe:/a:redhat:jboss_enterprise_application_platform:7.4 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 |
|
Vendors & Products |
Redhat jboss Enterprise Application Platform
|
Thu, 26 Sep 2024 10:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat rhmt
|
|
CPEs | cpe:/a:redhat:rhmt:1.8::el8 | |
Vendors & Products |
Redhat rhmt
|
Fri, 06 Sep 2024 14:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat
Redhat service Mesh |
|
CPEs | cpe:/a:redhat:service_mesh:2.6::el8 cpe:/a:redhat:service_mesh:2.6::el9 |
|
Vendors & Products |
Redhat
Redhat service Mesh |
MITRE
Status: PUBLISHED
Assigner: Checkmarx
Published: 2024-05-13T10:06:38.152Z
Updated: 2024-11-06T13:10:11.179Z
Reserved: 2024-04-23T13:31:17.738Z
Link: CVE-2024-4068
Vulnrichment
Updated: 2024-08-01T20:26:57.297Z
NVD
Status : Awaiting Analysis
Published: 2024-05-14T15:42:48.660
Modified: 2024-11-21T09:42:07.710
Link: CVE-2024-4068
Redhat