This repository has been archived by the owner on Aug 17, 2021. It is now read-only.
CVE-2016-10540 (High) detected in multiple libraries #258
Labels
security vulnerability
Security vulnerability detected by WhiteSource
CVE-2016-10540 - High Severity Vulnerability
Vulnerable Libraries - minimatch-0.4.0.tgz, minimatch-2.0.10.tgz, minimatch-0.3.0.tgz
minimatch-0.4.0.tgz
a glob matcher in javascript
Library home page: https://registry.npmjs.org/minimatch/-/minimatch-0.4.0.tgz
Path to dependency file: angular-recaptcha/package.json
Path to vulnerable library: angular-recaptcha/node_modules/fileset/node_modules/minimatch/package.json
Dependency Hierarchy:
minimatch-2.0.10.tgz
a glob matcher in javascript
Library home page: https://registry.npmjs.org/minimatch/-/minimatch-2.0.10.tgz
Path to dependency file: angular-recaptcha/package.json
Path to vulnerable library: angular-recaptcha/node_modules/grunt-karma-coveralls/node_modules/minimatch/package.json,angular-recaptcha/node_modules/istanbul/node_modules/minimatch/package.json
Dependency Hierarchy:
minimatch-0.3.0.tgz
a glob matcher in javascript
Library home page: https://registry.npmjs.org/minimatch/-/minimatch-0.3.0.tgz
Path to dependency file: angular-recaptcha/package.json
Path to vulnerable library: angular-recaptcha/node_modules/fileset/node_modules/glob/node_modules/minimatch/package.json,angular-recaptcha/node_modules/grunt-karma-coveralls/node_modules/karma-coverage/node_modules/minimatch/package.json
Dependency Hierarchy:
Found in HEAD commit: d0c7317c1908251604c4e710c797fdf348d2bc46
Found in base branch: master
Vulnerability Details
Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript
RegExp
objects. The primary function,minimatch(path, pattern)
in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in thepattern
parameter.Publish Date: 2018-05-31
URL: CVE-2016-10540
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/118
Release Date: 2016-06-20
Fix Resolution: Update to version 3.0.2 or later.
The text was updated successfully, but these errors were encountered: