minimatch 10.1.3 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the minimatch package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Inefficient Algorithmic Complexity minimatch is a minimal matching utility. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the `matchOne` function. An attacker can cause significant delays in processing and stall the event loop by supplying specially crafted glob patterns containing multiple non-adjacent GLOBSTAR segments. How to fix Inefficient Algorithmic Complexity? Upgrade `minimatch` to version 3.1.3, 4.2.5, 5.1.8, 6.2.2, 7.4.8, 8.0.6, 9.0.7, 10.2.3 or higher.	<3.1.3>=4.0.0 <4.2.5>=5.0.0 <5.1.8>=6.0.0 <6.2.2>=7.0.0 <7.4.8>=8.0.0 <8.0.6>=9.0.0 <9.0.7>=10.0.0 <10.2.3
H Regular Expression Denial of Service (ReDoS) minimatch is a minimal matching utility. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). An attacker can cause excessive resource consumption and application unresponsiveness by supplying specially crafted nested `extglob` patterns that trigger catastrophic backtracking in the regular expression engine. How to fix Regular Expression Denial of Service (ReDoS)? Upgrade `minimatch` to version 8.0.6, 9.0.7, 10.2.3 or higher.	>=8.0.0 <8.0.6>=9.0.0 <9.0.7>=10.0.0 <10.2.3
H Regular Expression Denial of Service (ReDoS) minimatch is a minimal matching utility. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the `AST` class, caused by catastrophic backtracking when an input string contains many `*` characters in a row, followed by an unmatched character. How to fix Regular Expression Denial of Service (ReDoS)? Upgrade `minimatch` to version 3.1.3, 4.2.4, 5.1.7, 6.2.1, 7.4.7, 8.0.5, 9.0.6, 10.2.1 or higher.	<3.1.3>=4.0.0 <4.2.4>=5.0.0 <5.1.7>=6.0.0 <6.2.1>=7.0.0 <7.4.7>=8.0.0 <8.0.5>=9.0.0 <9.0.6>=10.0.0 <10.2.1

Vulnerability

Vulnerable Version

Inefficient Algorithmic Complexity

minimatch is a minimal matching utility.

Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the matchOne function. An attacker can cause significant delays in processing and stall the event loop by supplying specially crafted glob patterns containing multiple non-adjacent GLOBSTAR segments.

How to fix Inefficient Algorithmic Complexity?

Upgrade minimatch to version 3.1.3, 4.2.5, 5.1.8, 6.2.2, 7.4.8, 8.0.6, 9.0.7, 10.2.3 or higher.

<3.1.3>=4.0.0 <4.2.5>=5.0.0 <5.1.8>=6.0.0 <6.2.2>=7.0.0 <7.4.8>=8.0.0 <8.0.6>=9.0.0 <9.0.7>=10.0.0 <10.2.3

Regular Expression Denial of Service (ReDoS)

minimatch is a minimal matching utility.

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). An attacker can cause excessive resource consumption and application unresponsiveness by supplying specially crafted nested extglob patterns that trigger catastrophic backtracking in the regular expression engine.

How to fix Regular Expression Denial of Service (ReDoS)?

Upgrade minimatch to version 8.0.6, 9.0.7, 10.2.3 or higher.

>=8.0.0 <8.0.6>=9.0.0 <9.0.7>=10.0.0 <10.2.3

Regular Expression Denial of Service (ReDoS)

minimatch is a minimal matching utility.

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the AST class, caused by catastrophic backtracking when an input string contains many * characters in a row, followed by an unmatched character.

How to fix Regular Expression Denial of Service (ReDoS)?

Upgrade minimatch to version 3.1.3, 4.2.4, 5.1.7, 6.2.1, 7.4.7, 8.0.5, 9.0.6, 10.2.1 or higher.

<3.1.3>=4.0.0 <4.2.4>=5.0.0 <5.1.7>=6.0.0 <6.2.1>=7.0.0 <7.4.7>=8.0.0 <8.0.5>=9.0.0 <9.0.6>=10.0.0 <10.2.1

minimatch@10.1.3 vulnerabilities

a glob matcher in javascript

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically