CVE-2022-3517 – nodejs-minimatch: ReDoS via the braceExpand function
https://notcve.org/view.php?id=CVE-2022-3517
A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when the braceExpand function is called with specific arguments, resulting in a Denial of Service.

References:
- https://github.com/grafana/grafana-image-renderer/issues/329
- https://github.com/isaacs/minimatch/commit/a8763f4388e51956be62dc6025cec1126beeb5e6
- https://lists.debian.org/debian-lts-announce/2023/01/msg00011.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTEUUTNIEBHGKUKKLNUZSV7IEP6IP3Q3
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UM6XJ73Q3NAM5KSGCOKJ2ZIA6GUWUJLK
- https://access.redhat.com/security/cve/CVE-2022-3517
- https://bugzilla.redhat&

Weaknesses: CWE-400: Uncontrolled Resource Consumption; CWE-1333: Inefficient Regular Expression Complexity
CVE-2016-10540
https://notcve.org/view.php?id=CVE-2016-10540
Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects. The primary function, `minimatch(path, pattern)`, in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the `pattern` parameter.

References:
- https://nodesecurity.io/advisories/118

Weaknesses: CWE-20: Improper Input Validation; CWE-400: Uncontrolled Resource Consumption