High severity7.5NVD Advisory· Published May 31, 2018· Updated Jun 17, 2026
CVE-2016-10540
CVE-2016-10540
Description
Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript RegExp objects. The primary function, minimatch(path, pattern) in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the pattern parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
minimatchnpm | < 3.0.2 | 3.0.2 |
Affected products
2- HackerOne/minimatch node modulev5Range: <=3.0.1
Patches
Vulnerability mechanics
References
4- nodesecurity.io/advisories/118nvdExploitThird Party Advisory
- github.com/advisories/GHSA-hxm2-r34f-qmc5ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-10540ghsaADVISORY
- www.npmjs.com/advisories/118ghsaWEB
News mentions
0No linked articles in our index yet.