CX: CVE-2016-10540 in Npm-minimatch and 2.0.10 @ JavaVulnerableLab.master

**Description**

Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects. The primary function, `minimatch(path, pattern)` in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the `pattern` parameter.

**HIGH Vulnerable Package** issue exists @ **minimatch** in branch **master**

**Vulnerability ID:** CVE-2016-10540

**Package Name:** minimatch

**Severity:** HIGH

**CVSS Score:** 7.5

**Publish Date:** 2018-05-31T20:29:00

**Current Package Version:** 2.0.10

**Remediation Upgrade Recommendation:** 3.0.5

[Link To SCA](https://sca.checkmarx.net/#/projects/d4f2d825-1fb5-49e7-ad6d-fd24d7e6ccd2/reports/2765eccf-f943-43c0-9650-1b1a2e5dbecc/vulnerabilities/CVE-2016-10540%3ANpm-minimatch-2.0.10/vulnerabilityDetailsGql)

[Reference – NVD link](https://nvd.nist.gov/vuln/detail/CVE-2016-10540)



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CX: CVE-2016-10540 in Npm-minimatch and 2.0.10 @ JavaVulnerableLab.master #173

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

CX: CVE-2016-10540 in Npm-minimatch and 2.0.10 @ JavaVulnerableLab.master #173

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions