DEBIAN-CVE-2016-10540

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/DEBIAN-CVE-2016-10540

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2016-10540.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2016-10540

Upstream

CVE-2016-10540

Published

2018-05-31T20:29:01Z

Modified

2025-09-19T06:25:15Z

Summary

[none]

Details

Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript RegExp objects. The primary function, minimatch(path, pattern) in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the pattern parameter.

References

https://security-tracker.debian.org/tracker/CVE-2016-10540

Affected packages

Debian:11 / node-minimatch

Package

Name: node-minimatch
Purl: pkg:deb/debian/node-minimatch?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.3-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / node-minimatch

Package

Name: node-minimatch
Purl: pkg:deb/debian/node-minimatch?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.3-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / node-minimatch

Package

Name: node-minimatch
Purl: pkg:deb/debian/node-minimatch?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.3-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:14 / node-minimatch

Package

Name: node-minimatch
Purl: pkg:deb/debian/node-minimatch?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.3-1

Ecosystem specific

{
    "urgency": "unimportant"
}