Lucene search

CVE-2024-4068

🗓️ 14 May 2024 15:48:42Reported by CheckmarxType

Memory Exhaustion due to unhandled characters in NPM package 'braces'

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 103
IBM Security Bulletins	Security Bulletin: Maximo Application Suite - braces-3.0.2.tgz package is vulnerable to CVE-2024-4068 used in IBM Maximo Application Suite - Monitor Component	28 Jan 202522:08	–	ibm
IBM Security Bulletins	Security Bulletin: IBM DataPower Gateway vulnerable to DoS due to Node.js Braces module (CVE-2024-4068)	3 Sep 202411:18	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to braces-3.0.2.tgz CVE-2024-4068	28 Jan 202522:08	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js braces	29 Jul 202421:50	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js braces module denial of service vulnerability [ CVE-2024-4068]	28 Jan 202522:08	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to Node.js micromatch & braces modules (CVE-2024-4067 & CVE-2024-4068)	14 Jun 202410:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Data Product Hub uses Node.js micromatch & braces modules which are vulnerable to a denial of service (CVE-2024-4067 & CVE-2024-4068)	30 Aug 202417:04	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar Assistant App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities (CVE-2024-39338, CVE-2024-4068, CVE-2021-23727)	5 Sep 202416:42	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar Deployment Intelligence app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities (CVE-2024-4067, CVE-2024-28849, CVE-2024-4068)	8 Jul 202413:14	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Fusion HCI and IBM Fusion are vulnerable to denial of service due to Node.js, isaacs node-tar, ShowdownJS	15 Apr 202503:24	–	ibm

[
  {
    "collectionURL": "https://www.npmjs.com/package/micromatch",
    "defaultStatus": "unknown",
    "packageName": "braces",
    "product": "braces",
    "programFiles": [
      "lib/parse.js"
    ],
    "repo": "https://github.com/micromatch/braces",
    "vendor": "micromatch",
    "versions": [
      {
        "changes": [
          {
            "at": "3.0.3",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.0.2",
        "status": "affected",
        "version": "0",
        "versionType": "git"
      }
    ]
  }
]

Source	Link
github	www.github.com/micromatch/braces/issues/35
github	www.github.com/micromatch/braces/pull/37
github	www.github.com/micromatch/braces/commit/415d660c3002d1ab7e63dbf490c9851da80596ff
devhub	www.devhub.checkmarx.com/cve-details/CVE-2024-4068/
github	www.github.com/micromatch/braces/pull/40

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

14 May 2024 15:42Current

7.4High risk

Vulners AI Score7.4

CVSS37.5

EPSS0.00383

SSVC