minimatch
npm2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting minimatchpage 1 of 1
- CVE-2016-10540HIGHCVSS 7.5EG 7.5✓ Fixed in 3.0.22018-05-31
Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects. The primary function, `minimatch(path, pattern)` in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the `pattern` par…
- CVE-2022-3517HIGHCVSS 7.5EG 7.5✓ Fixed in 3.0.52022-10-17
A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.
Check whether minimatch is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for minimatch CVEs against the assets you own.
Start Free Scan →