braces vulnerability
mark2093 opened this issue
Issue description
There is a vulnerability detected (serverless@3.38.0) by Snyk regarding braces.
Context
serverless@3.38.0 > @serverless/dashboard-plugin@7.2.3 > chokidar@3.6.0 > braces@3.0.2
braces is a Bash-like brace expansion, implemented in JavaScript.
Affected versions of this package are vulnerable to Uncontrolled resource consumption due to failing to limit the number of characters it can handle, through the parse function. An attacker can cause the application to allocate excessive memory and potentially crash by sending imbalanced braces as input.
+1
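To confirm a scanner finding like the one reported above, the dependency chain can be rebuilt from the project's own lockfile. The following is an added example, not code from the issue or from the serverless project: it walks the `packages` map of an npm lockfile using Node's nearest-`node_modules` lookup. The sample lockfile is constructed, and the root name `my-service` and the semver ranges in it are assumptions.

```javascript
// Constructed sample lockfile. Versions are the ones quoted in the issue; the
// root name "my-service" and the semver ranges are assumptions for illustration.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-service", dependencies: { serverless: "^3.38.0" } },
    "node_modules/serverless": { version: "3.38.0",
      dependencies: { "@serverless/dashboard-plugin": "^7.2.0" } },
    "node_modules/@serverless/dashboard-plugin": { version: "7.2.3",
      dependencies: { chokidar: "^3.5.3" } },
    "node_modules/chokidar": { version: "3.6.0", dependencies: { braces: "~3.0.2" } },
    "node_modules/braces": { version: "3.0.2" },
  },
};

// Find the copy of `name` that a package installed at `fromPath` would load:
// its own nested node_modules first, then each ancestor's, up to the root.
function resolve(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const i = base.lastIndexOf("/node_modules/");
    base = i === -1 ? "" : base.slice(0, i);
  }
}

// Return "a@1 > b@2 > target@version" chains. Each package is expanded once,
// so every direct dependent of the flagged copy is reported with one path to it.
function findChains(lock, target, version) {
  const packages = lock.packages || {};
  const chains = [];
  const seen = new Set([""]);
  const walk = (path, trail) => {
    const pkg = packages[path];
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies,
      ...(path === "" ? pkg.devDependencies : {}) };
    for (const name of Object.keys(deps)) {
      const hit = resolve(packages, path, name);
      if (!hit) continue; // not installed (e.g. skipped optional dependency)
      const next = [...trail, `${name}@${packages[hit].version}`];
      if (name === target && packages[hit].version === version) {
        chains.push(next.join(" > "));
      } else if (!seen.has(hit)) {
        seen.add(hit);
        walk(hit, next);
      }
    }
  };
  if (packages[""]) walk("", []);
  return chains;
}
```

On a real project, pass the parsed `package-lock.json` as the first argument to `findChains`.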