GHSA-7R86-CG39-JMMJ minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments

Summary matchOne performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent GLOBSTAR segments and the input path does not match. The time complexity is OCn, k -- binomial -- where n is the number of path segments and k is the number of globstars. With k=11 and...

Inefficient Algorithmic Complexity

Overview minimatch is a minimal matching utility. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the matchOne function. An attacker can cause significant delays in processing and stall the event loop by supplying specially crafted glob patterns containi...

Inefficient Algorithmic Complexity

Overview org.webjars.npm:minimatch is a minimal matching utility. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the matchOne function. An attacker can cause significant delays in processing and stall the event loop by supplying specially crafted glob...

minimatch 安全漏洞

Minimatch is a global matcher in JavaScript developed by Isaacs. Versions prior to 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3 have security vulnerabilities due to unbounded recursive backtracking in the matchOne function, which may lead to denial of service...