CVE-2016-10540

Summary

Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript RegExp objects. The primary function, minimatch(path, pattern) in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the pattern parameter.

Affected Software

VendorProductVersion RangeStatus
HackerOneminimatch node module<=3.0.1affected

Weaknesses

  • CWE-400: Denial of Service (CWE-400)

ADP Enrichment

CVE Program Container

Additional References

References