PT-2018-4719 · Npm+1 · Minimatch+1

Published: 2018-05-31 · Updated: 2021-03-15 · CVE-2016-10540

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Minimatch versions 3.0.1 and earlier

Description: Minimatch is a minimal matching utility that converts glob expressions into JavaScript RegExp objects. The pattern parameter of its primary function, minimatch(path, pattern), is vulnerable to regular expression denial of service (ReDoS): a crafted pattern yields a RegExp whose evaluation consumes excessive CPU time. When user input is passed into the pattern argument, an attacker can therefore trigger a denial of service.

Recommendations: Update to version 3.0.2 or later. Until the update is applied, restrict what reaches the pattern parameter of minimatch(path, pattern) to minimize the risk of exploitation, and do not pass user input in the pattern argument.
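The two recommendations above, as an added example that is not part of the advisory and not code from the minimatch project: a version check against the affected range stated here (3.0.1 and earlier, fixed in 3.0.2), and a wrapper in which the pattern argument can only come from application-defined patterns while untrusted input is only ever used as the path. The matcher is injected so the file runs without minimatch installed; the assumption is that the real `minimatch(path, pattern)` function would be passed in its place. The sample patterns, the 4096-character path limit and the `stubMatcher` are constructed for this example.

```javascript
// Added example: defensive helpers for the advisory's recommendations.
// Not code from the advisory or from the minimatch project.

// Parse "MAJOR.MINOR.PATCH" (optional leading "v"; prerelease/build suffixes ignored).
function parseSemver(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(version).trim());
  if (!m) throw new TypeError(`unrecognised version string: ${version}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Returns -1, 0 or 1 comparing two version strings numerically per component.
function compareSemver(a, b) {
  const [pa, pb] = [parseSemver(a), parseSemver(b)];
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Affected range from the advisory: 3.0.1 and earlier; first fixed release is 3.0.2.
const FIRST_FIXED_VERSION = '3.0.2';
function isAffectedMinimatchVersion(installedVersion) {
  return compareSemver(installedVersion, FIRST_FIXED_VERSION) < 0;
}

// Application-owned patterns, keyed by a short name. Callers choose a key, never a pattern.
// Sample patterns constructed for the example.
const ALLOWED_PATTERNS = Object.freeze({
  images: '*.{png,jpg}',
  logs: 'logs/**/*.log',
});

// Wrapper around the matcher: the pattern comes only from ALLOWED_PATTERNS, so
// untrusted input never reaches the vulnerable pattern argument. `matcher` is
// assumed to have the minimatch(path, pattern) signature named in the advisory.
function matchWithAllowlistedPattern(matcher, untrustedPath, patternKey) {
  if (!Object.prototype.hasOwnProperty.call(ALLOWED_PATTERNS, patternKey)) {
    throw new RangeError(`unknown pattern key: ${patternKey}`);
  }
  // Cheap sanity limit on the untrusted side as well (4096 is an assumed limit).
  if (typeof untrustedPath !== 'string' || untrustedPath.length > 4096) {
    return false;
  }
  return matcher(untrustedPath, ALLOWED_PATTERNS[patternKey]);
}

// Stand-in matcher so the example runs offline. It recognises only the two
// allow-listed shapes above by literal prefix/suffix checks; an application
// would pass the real minimatch function instead.
function stubMatcher(path, pattern) {
  if (pattern === '*.{png,jpg}') return /\.(png|jpg)$/.test(path) && !path.includes('/');
  if (pattern === 'logs/**/*.log') return path.startsWith('logs/') && path.endsWith('.log');
  throw new Error('stub matcher does not support this pattern');
}

// Usage: gate on the installed version, then match with an allow-listed pattern.
if (isAffectedMinimatchVersion('3.0.1')) {
  console.log('installed minimatch is in the affected range; update to 3.0.2 or later');
}
console.log(matchWithAllowlistedPattern(stubMatcher, 'photo.png', 'images')); // true
```

The version string would normally come from the installed package's package.json; the wrapper is the shape of the interim workaround, where the only caller-controlled value is the path.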

Tags: Exploit · Fix · RCE · Resource Exhaustion


Related Identifiers

AZL-44502
CVE-2016-10540
GHSA-HXM2-R34F-QMC5
USN-4783-1

Affected Products

Minimatch
Ubuntu