5 matches found
CVE-2026-27904
CVE-2026-27904 concerns minimatch, a glob-to-RegExp utility. Prior to versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested () extglobs can produce regexps with nested unbounded quantifiers, causing catastrophic backtracking in V8. A 12-byte pattern like ( ( (a|b))) with an...
CVE-2022-3517
CVE-2022-3517 corresponds to a minimatch ReDoS vulnerability in braceExpand. The issue is triggered by specific braceExpand inputs, enabling a Denial of Service with CVSS 3.1 v3.1 base score 7.5 (HIGH). Connected Atlassian Jira entries describe a DoS impact in Jira Software/Data Center, Server (1...
CVE-2026-27903
The CVE concerns minimatch prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, where matchOne() can backtrack unboundedly when a glob includes multiple non-adjacent GLOBSTAR segments. This causes exponential-like time complexity (O(C(n, k))) and can stall the Node.js eve...
CVE-2026-26996
CVE-2026-26996 affects minimatch, a glob-to-RegExp utility. Versions 10.2.0 and earlier are vulnerable to a Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal not present in the test string. Each * creates a separate [^/]*?...
CVE-2016-10540
CVE-2016-10540 refers to Minimatch (node) where the function minimatch(path, pattern) in Minimatch 3.0.1 and earlier is vulnerable to ReDoS through the pattern parameter. The connected IBM security bulletin reiterates the same description and CVSS base score of 7.5, noting multiple related CVEs b...