CVE-2026-27904
- EPSS 0.02%
- Veröffentlicht 26.02.2026 01:07:42
- Zuletzt bearbeitet 27.02.2026 17:16:23
minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifi...
CVE-2026-27903
- EPSS 0.02%
- Veröffentlicht 26.02.2026 01:06:32
- Zuletzt bearbeitet 27.02.2026 17:21:22
minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, `matchOne()` performs unbounded recursive backtracking when a glob p...
CVE-2026-26996
- EPSS 0.02%
- Veröffentlicht 20.02.2026 03:16:01
- Zuletzt bearbeitet 06.03.2026 21:32:10
minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards...
CVE-2022-3517
- EPSS 0.45%
- Veröffentlicht 17.10.2022 20:15:09
- Zuletzt bearbeitet 13.05.2025 14:15:18
A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.
CVE-2016-10540
- EPSS 0.44%
- Veröffentlicht 31.05.2018 20:29:01
- Zuletzt bearbeitet 21.11.2024 02:44:13
Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects. The primary function, `minimatch(path, pattern)` in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the `pattern` parameter.