What the vulnerability does

01Description

Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects. The primary function, `minimatch(path, pattern)` in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the `pattern` parameter.

Key dates

02Disclosure timeline

May 31, 2018 CVE published
September 16, 2024 Record updated

Related vulnerabilities

04Related CVE