GHSA-23c5-xmqv-rm74 — Vulnetix

GHSA-23c5-xmqv-rm74 PUBLISHED CVSS 7.5 HIGH

minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions

Risk Scores

CVSS 3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
isaacs	minimatch	*
isaacs	minimatch	7.0.0,

Exploit Intelligence

audit_report.json (github-poc)
audit_report.json (github-poc)
audit_report.json (github-poc)
audit_report.json (github-poc)
audit_report.json (github-poc)
config.yml (github-poc)
config.yml (github-poc)
config.yml (github-poc)
config.yml (github-poc)
config.yml (github-poc)

…and 45 more exploits

Timeline

CVE Published
Mar 2, 2026 Security Advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›