2 matches found
CVE-2026-4926
Impact: A bad regular expression is generated any time you have multiple sequential optional groups curly brace syntax, such as abc:z. The generated regex grows exponentially with the number of groups, causing denial of service. Patches: Fixed in version 8.4.0. Workarounds: Limit the number of...
GHSA-23C5-XMQV-RM74 minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions
Summary Nested extglobs produce regexps with nested unbounded quantifiers e.g. ?:?:a|b, which exhibit catastrophic backtracking in V8. With a 12-byte pattern a|b and an 18-byte non-matching input, minimatch stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes...