CVE-2018-1109
CVE-2018-1109 (Braces) affects the Node.js braces package, with versions 2.2.0 and later, but before 2.3.1, vulnerable to a Regular Expression Denial of Service (ReDoS). The root cause is a crafted regex input that can trigger a sustained RegExp evaluation, leading to measurable latency (IBM note...