CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-3517 – nodejs-minimatch: ReDoS via the braceExpand function
https://notcve.org/view.php?id=CVE-2022-3517
17 Oct 2022 — A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service. Se ha encontrado una vulnerabilidad en el paquete minimatch. Este fallo permite una Denegación de Servicio por Expresión Regular (ReDoS) cuando es llamada a la función braceExpand con argumentos específicos, resultando en una Denegación de Servicio A vulnerability was found in the nodejs-minimatch ... • https://github.com/grafana/grafana-image-renderer/issues/329 • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2016-10540
https://notcve.org/view.php?id=CVE-2016-10540
31 May 2018 — Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects. The primary function, `minimatch(path, pattern)` in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the `pattern` parameter. Minimatch es una utilidad de coincidencia mínima que funciona convirtiendo expresiones glob en objetos "RegExp" de JavaScript. La función primaria, "minimatch(path, pattern)", en Minimatch en versiones 3.0.1 y anteriores, es vulnerable a una denegación de servicio ... • https://nodesecurity.io/advisories/118 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •