CVE Vulnerability

CVE-2022-3517

A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/grafana/grafana-image-renderer/issues/329 Issue Tracking Patch
https://github.com/isaacs/minimatch/commit/a8763f4388e51956be62dc6025cec1126beeb5e6 Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/01/msg00011.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTEUUTNIEBHGKUKKLNUZSV7IEP6IP3Q3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UM6XJ73Q3NAM5KSGCOKJ2ZIA6GUWUJLK/
Configurations

Configuration 1

cpe:2.3:a:minimatch_project:minimatch:*:*:*:*:*:node.js:*:*
Information

Published : 2022-10-17 08:15

Updated : 2023-01-21 06:15

NVD link : CVE-2022-3517

Mitre link : CVE-2022-3517

Products Affected
No products.
CWE
CWE-400