org.webjars.npm:minimatch 10.0.3 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.webjars.npm:minimatch package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Inefficient Algorithmic Complexity org.webjars.npm:minimatch is a minimal matching utility. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the `matchOne` function. An attacker can cause significant delays in processing and stall the event loop by supplying specially crafted glob patterns containing multiple non-adjacent GLOBSTAR segments. How to fix Inefficient Algorithmic Complexity? A fix was pushed into the `master` branch but not yet published.	[0,)
H Regular Expression Denial of Service (ReDoS) org.webjars.npm:minimatch is a minimal matching utility. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). An attacker can cause excessive resource consumption and application unresponsiveness by supplying specially crafted nested `extglob` patterns that trigger catastrophic backtracking in the regular expression engine. How to fix Regular Expression Denial of Service (ReDoS)? A fix was pushed into the `master` branch but not yet published.	[9.0.1,)
H Regular Expression Denial of Service (ReDoS) org.webjars.npm:minimatch is a minimal matching utility. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the `AST` class, caused by catastrophic backtracking when an input string contains many `*` characters in a row, followed by an unmatched character. How to fix Regular Expression Denial of Service (ReDoS)? A fix was pushed into the `master` branch but not yet published.	[0,)

Vulnerability

Vulnerable Version

Inefficient Algorithmic Complexity

org.webjars.npm:minimatch is a minimal matching utility.

Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the matchOne function. An attacker can cause significant delays in processing and stall the event loop by supplying specially crafted glob patterns containing multiple non-adjacent GLOBSTAR segments.

How to fix Inefficient Algorithmic Complexity?

A fix was pushed into the master branch but not yet published.

[0,)

Regular Expression Denial of Service (ReDoS)

org.webjars.npm:minimatch is a minimal matching utility.

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). An attacker can cause excessive resource consumption and application unresponsiveness by supplying specially crafted nested extglob patterns that trigger catastrophic backtracking in the regular expression engine.

How to fix Regular Expression Denial of Service (ReDoS)?

A fix was pushed into the master branch but not yet published.

[9.0.1,)

Regular Expression Denial of Service (ReDoS)

org.webjars.npm:minimatch is a minimal matching utility.

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the AST class, caused by catastrophic backtracking when an input string contains many * characters in a row, followed by an unmatched character.

How to fix Regular Expression Denial of Service (ReDoS)?

A fix was pushed into the master branch but not yet published.

[0,)

org.webjars.npm:minimatch@10.0.3 vulnerabilities

latest version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

Fix vulnerabilities automatically