serverless / serverless

⚡ Serverless Framework – Use AWS Lambda and other managed cloud services to build apps that auto-scale, cost nothing when idle, and boast radically low maintenance.

Home Page: https://serverless.com

braces vulnerability

mark2093 opened this issue

Issue description

There is a vulnerability detected (serverless@3.38.0) by Snyk regarding braces

Context

serverless@3.38.0 > @serverless/dashboard-plugin@7.2.3 > chokidar@3.6.0 > braces@3.0.2

braces is a Bash-like brace expansion, implemented in JavaScript.

Affected versions of this package are vulnerable to Uncontrolled resource consumption due to failing to limit the number of characters it can handle, through the parse function. An attacker can cause the application to allocate excessive memory and potentially crash by sending imbalanced braces as input.