CVE-2016-10540 (High) detected in minimatch-0.3.0.tgz, minimatch-2.0.10.tgz - autoclosed

## CVE-2016-10540 - High Severity Vulnerability
<details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/vulnerability_details.png' width=19 height=20> Vulnerable Libraries - minimatch-0.3.0.tgz, minimatch-2.0.10.tgz</summary>


<details><summary>minimatch-0.3.0.tgz</summary>

a glob matcher in javascript
Library home page: <a href="https://registry.npmjs.org/minimatch/-/minimatch-0.3.0.tgz">https://registry.npmjs.org/minimatch/-/minimatch-0.3.0.tgz</a>
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/tape/node_modules/minimatch/package.json


Dependency Hierarchy:
 - tape-3.6.1.tgz (Root Library)
 - glob-3.2.11.tgz
 - :x: **minimatch-0.3.0.tgz** (Vulnerable Library)
</details>
<details><summary>minimatch-2.0.10.tgz</summary>

a glob matcher in javascript
Library home page: <a href="https://registry.npmjs.org/minimatch/-/minimatch-2.0.10.tgz">https://registry.npmjs.org/minimatch/-/minimatch-2.0.10.tgz</a>
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/babel-core/node_modules/minimatch/package.json,/node_modules/eslint/node_modules/minimatch/package.json


Dependency Hierarchy:
 - standard-4.5.4.tgz (Root Library)
 - eslint-0.24.1.tgz
 - :x: **minimatch-2.0.10.tgz** (Vulnerable Library)
</details>

Found in base branch: main
</details>


</details>

<details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/high_vul.png?' width=19 height=20> Vulnerability Details</summary>
 
 
Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript "RegExp" objects. The primary function, "minimatch(path, pattern)" in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the "pattern" parameter.
 Mend Note: The description of this vulnerability differs from MITRE. 

Publish Date: 2018-05-31
URL: <a href=https://www.mend.io/vulnerability-database/CVE-2016-10540>CVE-2016-10540</a>

</details>

<details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/cvss3.png' width=19 height=20> CVSS 3 Score Details (7.5)</summary>


Base Score Metrics:
- Exploitability Metrics:
 - Attack Vector: Network
 - Attack Complexity: Low
 - Privileges Required: None
 - User Interaction: None
 - Scope: Unchanged
- Impact Metrics:
 - Confidentiality Impact: None
 - Integrity Impact: None
 - Availability Impact: High

For more information on CVSS3 Scores, click <a href="https://www.first.org/cvss/calculator/3.0">here</a>.

</details>

<details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/suggested_fix.png' width=19 height=20> Suggested Fix</summary>


Type: Upgrade version
Origin: <a href="https://www.npmjs.com/advisories/118">https://www.npmjs.com/advisories/118</a>
Release Date: 2018-05-31
Fix Resolution (minimatch): 3.0.2
Direct dependency fix Resolution (tape): 4.0.0Fix Resolution (minimatch): 3.0.2
Direct dependency fix Resolution (standard): 6.0.0


</details>


***

- [ ] Check this box to open an automated fix PR

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CVE-2016-10540 (High) detected in minimatch-0.3.0.tgz, minimatch-2.0.10.tgz - autoclosed #41

CVE-2016-10540 - High Severity Vulnerability

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

CVE-2016-10540 (High) detected in minimatch-0.3.0.tgz, minimatch-2.0.10.tgz - autoclosed #41

Description

CVE-2016-10540 - High Severity Vulnerability

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions