Control: tags -1 + moreinfo Le 22/04/2019 à 07:38, Xavier a écrit : > Le 21/04/2019 à 22:33, Moritz Muehlenhoff a écrit : >> Package: node-braces >> Severity: important >> Tags: security >> >> Please see https://snyk.io/vuln/npm:braces:20180219 >> >> Patch: >> https://github.com/micromatch/braces/commit/abdafb0cae1e0c00f184abbadc692f4eaa98f451 >> >> Cheers, >> Moritz > > Buster version (2.0.2) seems not easily to patch.
It seems that the vulnerable regexp doesn't exist in node-braces 2.0.2. I can't find any exploit to verify this. Could someone help here ?