Количество 9
Количество 9
GHSA-952p-6rrq-rcjv
Regular Expression Denial of Service (ReDoS) in micromatch
CVE-2024-4067
The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching. This issue was fixed in version 4.0.8.
CVE-2024-4067
The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching. This issue was fixed in version 4.0.8.
CVE-2024-4067
The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching. This issue was fixed in version 4.0.8.
CVE-2024-4067
CVE-2024-4067
The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular E ...
BDU:2024-09421
Уязвимость библиотеки micromatch, связанная с неэффективной сложностью регулярных выражений, позволяющая нарушителю получить вызвать отказ в обслуживании
SUSE-SU-2024:3771-1
Security update for pgadmin4
ROS-20241029-08
Множественные уязвимости opensearch
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-952p-6rrq-rcjv Regular Expression Denial of Service (ReDoS) in micromatch | CVSS3: 5.3 | 0% Низкий | больше 1 года назад |
 | CVE-2024-4067 The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching. This issue was fixed in version 4.0.8. | CVSS3: 5.3 | 0% Низкий | больше 1 года назад |
 | CVE-2024-4067 The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching. This issue was fixed in version 4.0.8. | CVSS3: 7.5 | 0% Низкий | около 2 лет назад |
 | CVE-2024-4067 The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching. This issue was fixed in version 4.0.8. | CVSS3: 5.3 | 0% Низкий | больше 1 года назад |
 | 0% Низкий | больше 1 года назад | ||
| CVE-2024-4067 The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular E ... | CVSS3: 5.3 | 0% Низкий | больше 1 года назад |
 | BDU:2024-09421 Уязвимость библиотеки micromatch, связанная с неэффективной сложностью регулярных выражений, позволяющая нарушителю получить вызвать отказ в обслуживании | CVSS3: 5.3 | 0% Низкий | около 2 лет назад |
 | SUSE-SU-2024:3771-1 Security update for pgadmin4 | больше 1 года назад | ||
 | ROS-20241029-08 Множественные уязвимости opensearch | CVSS3: 7.5 | больше 1 года назад |
Уязвимостей на страницу