Описание
A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| node-minimatch | fixed | 3.0.5+~3.0.5-1 | package | |
| node-minimatch | fixed | 3.0.4+~3.0.3-1+deb11u1 | bullseye | package |
Примечания
https://github.com/grafana/grafana-image-renderer/issues/329
https://github.com/isaacs/minimatch/commit/a8763f4388e51956be62dc6025cec1126beeb5e6 (v3.0.5)
Regression follow-up: https://github.com/isaacs/minimatch/commit/20b4b562830680867feb75f9c635aca08e5c86ff
Regression follow-up: https://github.com/isaacs/minimatch/commit/e4cd43462340ca6b21212b68c9e314d8cdd9861a
EPSS
Связанные уязвимости
A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.
A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.
A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.
EPSS