Fluid Attacks Database

Description

minimatch ReDoS vulnerability A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	node-minimatch	=3.0.4+~3.0.3-1 \|\| >=0 <3.0.4+~3.0.3-1+deb11u1	3.0.4+~3.0.3-1+deb11u1
debian 12	node-minimatch	>=0 <3.0.5+~3.0.5-1	3.0.5+~3.0.5-1
debian 14	node-minimatch	>=0 <3.0.5+~3.0.5-1	3.0.5+~3.0.5-1
npm	minimatch	>=0 <3.0.5	3.0.5
debian 13	node-minimatch	>=0 <3.0.5+~3.0.5-1	3.0.5+~3.0.5-1
rpm rhel8.6	nodejs	<1:14.21.3-1.module+el8.6.0+18532+cbe6f646	1:14.21.3-1.module+el8.6.0+18532+cbe6f646
rpm rhel6	firefox	-	-
rpm rhel7	firefox	-	-
rpm rhel8	389-ds-base	-	-
rpm rhel9	389-ds-base	-	-

1-10 of 18

Aliases

1. CVE-2022-35172. NVD-2022-35173. OSV-DEBIAN-2022-35174. OSV-2022-35175. GCVE-2022-35176. SECURITY-TRACKER-CVE-2022-35177. lists.debian.org

References

1. https://github.com/grafana/grafana-image-renderer/issues/3292. https://github.com/nodejs/node/issues/425103. https://github.com/isaacs/minimatch/commit/a8763f4388e51956be62dc6025cec1126beeb5e64. https://lists.fedoraproject.org/archives/list/[email protected]/message/MTEUUTNIEBHGKUKKLNUZSV7IEP6IP3Q35. https://lists.fedoraproject.org/archives/list/[email protected]/message/UM6XJ73Q3NAM5KSGCOKJ2ZIA6GUWUJLK

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.