Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/03/26 9:39 p.m.30 views

CVE-2026-33672 Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching

Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to a method injection vulnerability affecting the POSIXREGEXSOURCE object. Because the object inherits from Object.prototype, specially crafted POSIX bracket expressions e.g., :constructor: ca...

5.3CVSS0.0041EPSS
Exploits0References2
OSV
OSV
added 2026/03/26 9:39 p.m.6 views

CVE-2026-33672 Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching

Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to a method injection vulnerability affecting the POSIXREGEXSOURCE object. Because the object inherits from Object.prototype, specially crafted POSIX bracket expressions e.g., :constructor: ca...

5.3CVSS6.1AI score0.0041EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/26 9:39 p.m.3 views

CVE-2026-33672

Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to a method injection vulnerability affecting the POSIXREGEXSOURCE object. Because the object inherits from Object.prototype, specially crafted POSIX bracket expressions e.g., :constructor: ca...

5.3CVSS6.1AI score0.0041EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2026/03/26 9:39 p.m.3 views

CVE-2026-33672

Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to a method injection vulnerability affecting the POSIXREGEXSOURCE object. Because the object inherits from Object.prototype, specially crafted POSIX bracket expressions e.g., :constructor: ca...

5.3CVSS5.8AI score0.0041EPSS
Exploits0
Rows per page
Query Builder