Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2022-3517

Published: 17/10/2022 Updated: 07/11/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Minimatch Project

Vulnerability Summary

A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

minimatch project minimatch

debian debian linux 10.0

fedoraproject fedora 36

fedoraproject fedora 37

Vendor Advisories

Red Hat: Important: Red Hat Advanced Cluster Management 2.7.0 security and bug fix updates
概要 Important: Red Hat Advanced Cluster Management 270 security and bug fix updates タイプ/重大度 Security Advisory: Important トピック Red Hat Advanced Cluster Management for Kubernetes 270 GeneralAvailability release images, which provide security updates and fix bugsRed Hat Product Security has rated this update as having ...
Red Hat: Moderate: nodejs:18 security, bug fix, and enhancement update
Synopsis Moderate: nodejs:18 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 9Red Hat Product Secu ...
Red Hat: Important: Migration Toolkit for Runtimes security update
Synopsis Important: Migration Toolkit for Runtimes security update Type/Severity Security Advisory: Important Topic An update is now available for Migration Toolkit for Runtimes (v101)Red Hat Product Security has rated this update as having a security impactof Important A Common Vulnerability Scoring System (CVSS) base score, whichgives a ...
Red Hat: Moderate: nodejs:18 security, bug fix, and enhancement update
Synopsis Moderate: nodejs:18 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8Red Hat Product Secu ...
Red Hat: Important: nodejs:14 security, bug fix, and enhancement update
Synopsis Important: nodejs:14 security, bug fix, and enhancement update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8Red Hat Product Se ...
Red Hat: Moderate: rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon security update
Synopsis Moderate: rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon is now available for Red ...
Red Hat: Moderate: nodejs and nodejs-nodemon security, bug fix, and enhancement update
Synopsis Moderate: nodejs and nodejs-nodemon security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9 ...
Red Hat: Moderate: nodejs:16 security, bug fix, and enhancement update
Synopsis Moderate: nodejs:16 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8Red Hat Product Secu ...
Red Hat: Important: Red Hat Advanced Cluster Management 2.6.3 security update
Synopsis Important: Red Hat Advanced Cluster Management 263 security update Type/Severity Security Advisory: Important Topic Red Hat Advanced Cluster Management for Kubernetes 263 GeneralAvailability release images, which provide security updates, fix bugs, and update container imagesRed Hat Product Security has rated this update as havi ...
Red Hat: Important: nodejs:14 security, bug fix, and enhancement update
Synopsis Important: nodejs:14 security, bug fix, and enhancement update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 86 Extended Update ...
Red Hat: Important: nodejs:14 security, bug fix, and enhancement update
Synopsis Important: nodejs:14 security, bug fix, and enhancement update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 84 Extended Update ...
Red Hat: Moderate: nodejs:14 security, bug fix, and enhancement update
Synopsis Moderate: nodejs:14 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8Red Hat Product Secu ...
Red Hat: Important: Red Hat OpenShift Data Foundation 4.13.0 security and bug fix update
Synopsis Important: Red Hat OpenShift Data Foundation 4130 security and bug fix update Type/Severity Security Advisory: Important Topic Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4130 on Red Hat Enterprise Linux 9Red Hat ...

References

CWE-1333https://github.com/grafana/grafana-image-renderer/issues/329https://github.com/isaacs/minimatch/commit/a8763f4388e51956be62dc6025cec1126beeb5e6https://lists.debian.org/debian-lts-announce/2023/01/msg00011.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTEUUTNIEBHGKUKKLNUZSV7IEP6IP3Q3/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UM6XJ73Q3NAM5KSGCOKJ2ZIA6GUWUJLK/https://nvd.nist.govhttps://access.redhat.com/errata/RHSA-2023:0630
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionSSRFbuffer overflowCVE-2023-28952CVE-2023-41822CVE-2024-27956CVE-2023-7028CVE-2024-34447CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook