CVE-2016-10540

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-10540

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-10540.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2016-10540

Aliases

GHSA-hxm2-r34f-qmc5

Downstream

DEBIAN-CVE-2016-10540

UBUNTU-CVE-2016-10540

USN-4783-1

Published

2018-05-31T20:29:01Z

Modified

2025-09-19T08:07:52.499235Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript RegExp objects. The primary function, minimatch(path, pattern) in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the pattern parameter.

References

https://nodesecurity.io/advisories/118

Affected packages

Git / github.com/isaacs/minimatch

Affected ranges

Type: GIT
Repo: https://github.com/isaacs/minimatch
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

8ac560e212d1b19b1b78685521ccc67a28d366e6

Affected versions

0.*

0.0.4

0.0.5

0.1.0

0.1.1

0.1.2

0.1.3

0.1.4

0.1.5

0.1.6

0.2.0

0.2.1

0.2.2

0.2.3

0.2.4

0.2.5

v0.*

v0.0.1

v0.2.10

v0.2.11

v0.2.12

v0.2.13

v0.2.14

v0.2.6

v0.2.7

v0.2.8

v0.2.9

v0.3.0

v0.4.0

v1.*

v1.0.0

v2.*

v2.0.0

v2.0.0-0

v2.0.1

v2.0.10

v2.0.2

v2.0.3

v2.0.4

v2.0.5

v2.0.6

v2.0.7

v2.0.8

v2.0.9

v3.*

v3.0.0

v3.0.1