VYPR

npm package

micromatch

pkg:npm/micromatch

Vulnerabilities (1)

  • CVE-2024-4067May 13, 2024
    affected < 4.0.8fixed 4.0.8

    The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching w