Publish GHSA-cwfw-4gq5-mrqx

advisory-database[bot] · advisory-database[bot] · commit 1fc270020ef2 · 2025-11-26T16:28:16.000Z
diff --git a/advisories/github-reviewed/2022/01/GHSA-cwfw-4gq5-mrqx/GHSA-cwfw-4gq5-mrqx.json b/advisories/github-reviewed/2022/01/GHSA-cwfw-4gq5-mrqx/GHSA-cwfw-4gq5-mrqx.json
@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cwfw-4gq5-mrqx",
-  "modified": "2021-03-31T21:35:00Z",
+  "modified": "2025-11-26T16:25:50Z",
   "published": "2022-01-06T20:42:03Z",
   "aliases": [
     "CVE-2018-1109"
   ],
   "summary": "Regular Expression Denial of Service (ReDoS) in braces",
-  "details": "A vulnerability was found in Braces versions prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.",
+  "details": "A vulnerability was found in Braces versions from v2.2.0 up to but not including v2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks. This has been patched in version 2.3.1.",
   "severity": [],
   "affected": [
     {
@@ -20,7 +20,7 @@
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "0"
+              "introduced": "2.2.0"
             },
             {
               "fixed": "2.3.1"

Original file line number	Diff line number	Diff line change
`@@ -1,13 +1,13 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-cwfw-4gq5-mrqx",`
`4`		`- "modified": "2021-03-31T21:35:00Z",`
	`4`	`+ "modified": "2025-11-26T16:25:50Z",`
`5`	`5`	`"published": "2022-01-06T20:42:03Z",`
`6`	`6`	`"aliases": [`
`7`	`7`	`"CVE-2018-1109"`
`8`	`8`	`],`
`9`	`9`	`"summary": "Regular Expression Denial of Service (ReDoS) in braces",`
`10`		`- "details": "A vulnerability was found in Braces versions prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.",`
	`10`	`+ "details": "A vulnerability was found in Braces versions from v2.2.0 up to but not including v2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks. This has been patched in version 2.3.1.",`
`11`	`11`	`"severity": [],`
`12`	`12`	`"affected": [`
`13`	`13`	`{`
`@@ -20,7 +20,7 @@`
`20`	`20`	`"type": "ECOSYSTEM",`
`21`	`21`	`"events": [`
`22`	`22`	`{`
`23`		`- "introduced": "0"`
	`23`	`+ "introduced": "2.2.0"`
`24`	`24`	`},`
`25`	`25`	`{`
`26`	`26`	`"fixed": "2.3.1"`