[Bug 1224310] VUL-0: CVE-2024-4068: xpra-html5: the npm package `braces` fails to limit the number of characters it can handle, which could lead to Memory Exhaustion
15 May
2024
15 May
'24
19:56
https://bugzilla.suse.com/show_bug.cgi?id=1224310 https://bugzilla.suse.com/show_bug.cgi?id=1224310#c3 --- Comment #3 from Scott Bradnick <scott.bradnick@suse.com> --- (In reply to Scott Bradnick from comment #2)
I have opened https://github.com/Xpra-org/xpra-html5/issues/306 upstream to get Xpra's take on things.
Upstream developer said: "I'm not really bothered about build time stuff. Also happy to remove the lot." I'll follow up in due time to see if they're removed. Additionally, I see https://github.com/micromatch/braces/pull/37 - so maybe "braces" will be 'fixed'. -- You are receiving this mail because: You are on the CC list for the bug.
220
Age (days ago)
220
Last active (days ago)
0 comments
1 participants
participants (1)
-
bugzilla_noreply@suse.com