Описание
Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript RegExp objects. The primary function, minimatch(path, pattern) in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the pattern parameter.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.0.1 (включая)
cpe:2.3:a:minimatch_project:minimatch:*:*:*:*:*:node.js:*:*
EPSS
Процентиль: 62%
0.00435
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-400
CWE-20
Связанные уязвимости
CVSS3: 7.5
ubuntu
больше 7 лет назад
Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects. The primary function, `minimatch(path, pattern)` in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the `pattern` parameter.
CVSS3: 7.5
debian
больше 7 лет назад
Minimatch is a minimal matching utility that works by converting glob ...
CVSS3: 7.5
github
больше 7 лет назад
Regular Expression Denial of Service in minimatch
EPSS
Процентиль: 62%
0.00435
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-400
CWE-20