The JavaScript package ecosystem hit a familiar but dangerous snag with CVE-2024-4068: a memory‑exhaustion vulnerability in the widely used NPM package braces that can be triggered by imbalanced brace input and lead to sustained denial of service by exhausting the JavaScript heap.
Background
The...
