minimatch ReDoS vulnerability #290

Closed
opened 2023-05-02 18:01:38 +01:00 by Vylpes · 1 comment
Owner

Package: minimatch (npm)
Affected versions: < 3.0.5
Patched version: 3.0.5


A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.

Vylpes added this to the 3.0.7 milestone 2023-05-02 18:01:43 +01:00
Vylpes added the type dependencies label 2023-05-02 18:01:48 +01:00
Author
Owner
jest@27.4.5 requires minimatch@^3.0.4 via a transitive dependency on glob@7.2.0
jest@27.4.5 requires minimatch@^3.0.4 via a transitive dependency on test-exclude@6.0.0
typeorm@0.2.44 requires minimatch@^3.0.4 via a transitive dependency on glob@7.2.0
Vylpes started working 2023-05-08 17:28:37 +01:00
Vylpes stopped working 2023-05-08 17:35:27 +01:00
6 minutes 50 seconds
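
An added example, not part of the original issue or the project's code: one way to confirm from a parsed package-lock.json which minimatch installs fall below the patched 3.0.5 and which packages resolve to them. The lockfile contents are constructed, the installed version 3.0.4 is an assumption, and example-tool is a hypothetical package.

```javascript
// Added example: flag minimatch installs below the patched 3.0.5 in a parsed package-lock.json (v2/v3).
const PATCHED = [3, 0, 5];
// True when "x.y.z" is lower than PATCHED; prerelease/build suffixes are ignored.
function isAffected(version) {
  const parts = version.split(/[-+]/)[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const part = parts[i] || 0;
    if (part !== PATCHED[i]) return part < PATCHED[i];
  }
  return false;
}

// Node-style lookup: nearest node_modules first, then each parent directory.
function resolveInstall(packages, fromPath, dep) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + dep;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Every affected minimatch install, with the packages that resolve to it.
function findVulnerableMinimatch(lock) {
  const packages = lock.packages || {};
  const hits = new Map();
  for (const [path, meta] of Object.entries(packages)) {
    if (path.endsWith("node_modules/minimatch") && isAffected(meta.version))
      hits.set(path, { path, version: meta.version, requiredBy: [] });
  }
  for (const [path, meta] of Object.entries(packages)) {
    const range = (meta.dependencies || {}).minimatch;
    const target = range && resolveInstall(packages, path, "minimatch");
    if (!hits.has(target)) continue;
    const name = path.split("node_modules/").pop() || "(root project)";
    hits.get(target).requiredBy.push(`${name}@${meta.version} (${range})`);
  }
  return [...hits.values()];
}
// Constructed sample lockfile; example-tool is a hypothetical package.
const SAMPLE_LOCK = { packages: {
  "node_modules/glob": { version: "7.2.0", dependencies: { minimatch: "^3.0.4" } },
  "node_modules/test-exclude": { version: "6.0.0", dependencies: { minimatch: "^3.0.4" } },
  "node_modules/minimatch": { version: "3.0.4" },
  "node_modules/example-tool": { version: "1.0.0", dependencies: { minimatch: "^3.1.2" } },
  "node_modules/example-tool/node_modules/minimatch": { version: "3.1.2" },
} };
```

Calling `findVulnerableMinimatch(SAMPLE_LOCK)` reports only the hoisted 3.0.4 install; the nested 3.1.2 copy under example-tool is left out because it is at or above the patched version.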
Reference: RabbitLabs/vylbot-app#290