minimatch ReDoS vulnerability #290

New issue

Closed

opened 2023-05-02 18:01:38 +01:00 by Vylpes · 1 comment

Vylpes commented 2023-05-02 18:01:38 +01:00

Owner

Copy link

Package: minimatch (npm)
Affected versions: < 3.0.5
Patched version: 3.0.5

---

A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.

Package: minimatch (npm) Affected versions: < 3.0.5 Patched version: 3.0.5 --- A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.

Vylpes added this to the 3.0.7 milestone 2023-05-02 18:01:43 +01:00

Vylpes added the

type

dependencies

label 2023-05-02 18:01:48 +01:00

Vylpes commented 2023-05-02 18:02:03 +01:00

Author

Owner

Copy link

jest@27.4.5 requires minimatch@^3.0.4 via a transitive dependency on glob@7.2.0
jest@27.4.5 requires minimatch@^3.0.4 via a transitive dependency on test-exclude@6.0.0
typeorm@0.2.44 requires minimatch@^3.0.4 via a transitive dependency on glob@7.2.0

``` jest@27.4.5 requires minimatch@^3.0.4 via a transitive dependency on glob@7.2.0 jest@27.4.5 requires minimatch@^3.0.4 via a transitive dependency on test-exclude@6.0.0 typeorm@0.2.44 requires minimatch@^3.0.4 via a transitive dependency on glob@7.2.0 ```

Vylpes started working 2023-05-08 17:28:37 +01:00

Vylpes stopped working 2023-05-08 17:35:27 +01:00

6 minutes 50 seconds

Vylpes closed this issue 2023-05-08 18:29:28 +01:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

develop

feature/195-list-moons

feature/258-fix-tests

hotfix/3.2.2

v3.2.2

v3.2.1

v3.2.0

v3.1.3

v3.1.2

v3.1.1

v3.1.0

v3.0.7

v3.0.6

v3.0.5

v3.1-alpha1

v3.0.4

v3.0.3

v3.0.2

v3.0.1

v3.0

v3.0-rc2

v3.0-rc1

v3.0-beta2

v3.0-beta1

v2.1.3

Labels

Clear labels   

blocked

  

duplicate

This issue or pull request already exists

  

enhancement

New feature or request

  

good first issue

Good for newcomers

  

help wanted

Extra attention is needed

  

invalid

This doesn't seem right

  

needs criteria

  

needs estimate

  

question

Further information is requested

  

type

admin

  

type

bug

Something isn't working

  

type

defect

A task that has fallen out of testing

  

type

dependencies

Pull requests that update a dependency file

  

type

documentation

Improvements or additions to documentation

  

type

epic

  

type

incident

  

type

investigation

  

type

spike

  

type

story

  

type

subtask

  

wontfix

This will not be worked on

  

blocked

  

duplicate

  

needs criteria

  

needs estimate

  

question

  

type

admin

  

type

alert

  

type

bug

  

type

defect

  

type

dependencies

  

type

design

  

type

documentation

  

type

epic

  

type

incident

  

type

investigation

  

type

spike

  

type

story

  

won't fix

No labels

blocked

duplicate

enhancement

good first issue

help wanted

invalid

needs criteria

needs estimate

question

type

admin

type

bug

type

defect

type

dependencies

type

documentation

type

epic

type

incident

type

investigation

type

spike

type

story

type

subtask

wontfix

blocked

duplicate

needs criteria

needs estimate

question

type

admin

type

alert

type

bug

type

defect

type

dependencies

type

design

type

documentation

type

epic

type

incident

type

investigation

type

spike

type

story

won't fix

Milestone

Clear milestone

No items

No milestone

3.0.7

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Total time spent: 6 minutes 50 seconds

Vylpes

6 minutes 50 seconds

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: RabbitLabs/vylbot-app#290

No description provided.