jonschlinkert micromatch CVE Vulnerabilities (1)

CVEs: 1 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting jonschlinkert micromatch (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 11 of 1 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2024-4067 The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged 596c5446-0ce5-4ba2-aa66-48b3b757a647 5.3 1.43% 2024-05-14 2026-06-17
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence