VYPR

micromatch

by micromatch

npm: micromatch

Source repositories

CVEs (1)

  • CVE-2024-4067May 13, 2024
    risk 0.00cvss epss 0.01

    The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching…