12 matches found
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerabilities in minimatch-3.1.2.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerabilities in minimatch-3.1.2.tgz Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to...
CLSA-2026-1776783520 nodejs: Fix of 2 CVEs
CVE-2026-26996: fix ReDoS in bundled minimatch caused by consecutive non-globstar characters, by coalescing them during pattern compilation - CVE-2026-27904: fix ReDoS in bundled minimatch from nested extglobs and multiple non-adjacent wildcards, by limiting globstar recursion...
CLSA-2026-1776782592 nodejs: Fix of 2 CVEs
CVE-2026-26996: fix ReDoS in bundled minimatch caused by consecutive non-globstar characters, by coalescing them during pattern compilation - CVE-2026-27904: fix ReDoS in bundled minimatch from nested extglobs and multiple non-adjacent wildcards, by limiting globstar recursion...
Security Bulletin: DevOps Test Performance contains a potential denial of service (DoS) vulnerability
Summary Due to the use of the minimatch library, DevOps Test Performance and Rational Performance Tester contain a potential denial of Service vulnerability. Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a minimal matching utility for converting glob expressions into...
Regular Expression Denial Of Service (ReDoS)
minimatch is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to unbounded recursive processing in matchOne when handling multiple non-adjacent GLOBSTAR patterns, which allows an attacker to supply crafted glob inputs that significantly delay execution and block...
GHSA-7R86-CG39-JMMJ minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments
Summary matchOne performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent GLOBSTAR segments and the input path does not match. The time complexity is OCn, k -- binomial -- where n is the number of path segments and k is the number of globstars. With k=11 and...
DEBIAN-CVE-2026-27903
minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, matchOne performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent GLOBSTAR...
CVE-2026-27903
minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, matchOne performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent GLOBSTAR...
CVE-2026-27903
minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, matchOne performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent GLOBSTAR...
CVE-2026-27903 minimatch has a ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments
minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, matchOne performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent GLOBSTAR...
CVE-2026-27903 minimatch has a ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments
minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, matchOne performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent GLOBSTAR...
PT-2026-22078
Name of the Vulnerable Software and Affected Versions minimatch versions prior to 3.1.3 minimatch versions 3.1.3 through 4.2.5 minimatch versions 4.2.5 through 5.1.8 minimatch versions 5.1.8 through 6.2.2 minimatch versions 6.2.2 through 7.4.8 minimatch versions 7.4.8 through 8.0.6 minimatch...