High severityNVD Advisory· Published Oct 17, 2022· Updated May 13, 2025
CVE-2022-3517
CVE-2022-3517
Description
A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
minimatchnpm | < 3.0.5 | 3.0.5 |
Affected products
11- ghsa-coords10 versionspkg:npm/minimatchpkg:rpm/almalinux/nodejspkg:rpm/almalinux/nodejs-develpkg:rpm/almalinux/nodejs-docspkg:rpm/almalinux/nodejs-full-i18npkg:rpm/almalinux/nodejs-libspkg:rpm/almalinux/nodejs-nodemonpkg:rpm/almalinux/nodejs-packagingpkg:rpm/almalinux/nodejs-packaging-bundlerpkg:rpm/almalinux/npm
< 3.0.5+ 9 more
- (no CPE)range: < 3.0.5
- (no CPE)range: < 1:18.12.1-1.module_el9.1.0+16+91bc168f
- (no CPE)range: < 1:18.12.1-1.module_el9.1.0+16+91bc168f
- (no CPE)range: < 1:18.12.1-1.module_el9.1.0+16+91bc168f
- (no CPE)range: < 1:18.12.1-1.module_el9.1.0+16+91bc168f
- (no CPE)range: < 1:16.18.1-3.el9_1
- (no CPE)range: < 2.0.20-1.module_el9.1.0+16+91bc168f
- (no CPE)range: < 2021.06-4.module_el9.1.0+13+d9a595ea
- (no CPE)range: < 2021.06-4.module_el9.1.0+13+d9a595ea
- (no CPE)range: < 1:8.19.2-1.18.12.1.1.module_el9.1.0+16+91bc168f
Patches
Vulnerability mechanics
References
10- github.com/advisories/GHSA-f8q6-p94x-37v3ghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTEUUTNIEBHGKUKKLNUZSV7IEP6IP3Q3/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UM6XJ73Q3NAM5KSGCOKJ2ZIA6GUWUJLK/mitrevendor-advisory
- nvd.nist.gov/vuln/detail/CVE-2022-3517ghsaADVISORY
- github.com/grafana/grafana-image-renderer/issues/329ghsaWEB
- github.com/isaacs/minimatch/commit/a8763f4388e51956be62dc6025cec1126beeb5e6ghsaWEB
- github.com/nodejs/node/issues/42510ghsaWEB
- lists.debian.org/debian-lts-announce/2023/01/msg00011.htmlghsamailing-listWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTEUUTNIEBHGKUKKLNUZSV7IEP6IP3Q3ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UM6XJ73Q3NAM5KSGCOKJ2ZIA6GUWUJLKghsaWEB
News mentions
0No linked articles in our index yet.