Lucene search
K
Minimatch ProjectMinimatch

5 matches found

CVE
CVE
added 2026/02/26 1:7 a.m.1233 views

CVE-2026-27904

CVE-2026-27904 concerns minimatch, a glob-to-RegExp utility. Prior to versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested () extglobs can produce regexps with nested unbounded quantifiers, causing catastrophic backtracking in V8. A 12-byte pattern like ( ( (a|b))) with an...

7.5CVSS5.5AI score0.00472EPSS
CVE
CVE
added 2022/10/17 12:0 a.m.394 views

CVE-2022-3517

CVE-2022-3517 corresponds to a minimatch ReDoS vulnerability in braceExpand. The issue is triggered by specific braceExpand inputs, enabling a Denial of Service with CVSS 3.1 v3.1 base score 7.5 (HIGH). Connected Atlassian Jira entries describe a DoS impact in Jira Software/Data Center, Server (1...

7.5CVSS7.7AI score0.01674EPSS
CVE
CVE
added 2026/02/26 1:6 a.m.230 views

CVE-2026-27903

The CVE concerns minimatch prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, where matchOne() can backtrack unboundedly when a glob includes multiple non-adjacent GLOBSTAR segments. This causes exponential-like time complexity (O(C(n, k))) and can stall the Node.js eve...

7.5CVSS5.5AI score0.00517EPSS
CVE
CVE
added 2026/02/20 3:5 a.m.190 views

CVE-2026-26996

CVE-2026-26996 affects minimatch, a glob-to-RegExp utility. Versions 10.2.0 and earlier are vulnerable to a Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal not present in the test string. Each * creates a separate [^/]*?...

8.7CVSS5.4AI score0.00519EPSS
CVE
CVE
added 2018/05/31 8:0 p.m.96 views

CVE-2016-10540

CVE-2016-10540 refers to Minimatch (node) where the function minimatch(path, pattern) in Minimatch 3.0.1 and earlier is vulnerable to ReDoS through the pattern parameter. The connected IBM security bulletin reiterates the same description and CVSS base score of 7.5, noting multiple related CVEs b...

7.5CVSS7.3AI score0.01743EPSS