security vulnerability in glob@7.1.6 dependency minimatch@3.0.4
TejaJag opened this issue · 1 comments
TejaJag commented
swagger-jsdoc latest version is using glob@7.1.6 which uses minimatch@3.0.4.
└─┬ swagger-jsdoc@6.2.8
  └─┬ glob@7.1.6
    └── minimatch@3.0.4
This Minimatch package contains a regular expression denial-of-service (ReDoS) vulnerability because of improper input validation. An attacker could exploit this flaw by calling the braceExpand() function with specific arguments.
Updating glob to the latest version (or major version 8) will fix this.
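An added example, not part of the original issue or of swagger-jsdoc: a Node.js helper that walks the JSON printed by `npm ls --all --json` and reports every dependency chain ending at minimatch@3.0.4, the version named in the tree above. The sample tree is constructed, and `findChains`, `directCulprits`, `my-app` and `example-lib` are names made up for illustration.

```javascript
// Added example: find which dependency chains pull in a specific package@version.
// Input shape is the nested object printed by `npm ls --all --json`.

// Constructed sample mirroring the tree in the issue, plus one unrelated
// dependency ("my-app" and "example-lib" are hypothetical names).
const sampleTree = {
  name: "my-app",
  version: "1.0.0",
  dependencies: {
    "swagger-jsdoc": {
      version: "6.2.8",
      dependencies: {
        glob: {
          version: "7.1.6",
          dependencies: { minimatch: { version: "3.0.4" } },
        },
      },
    },
    "example-lib": {
      version: "2.0.0",
      dependencies: { minimatch: { version: "5.1.0" } },
    },
  },
};

// Depth-first walk. Returns one array of "name@version" strings per chain
// that ends at targetName@targetVersion.
function findChains(node, targetName, targetVersion, trail = []) {
  const chains = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const here = [...trail, `${name}@${dep.version ?? "unknown"}`];
    if (name === targetName && dep.version === targetVersion) chains.push(here);
    chains.push(...findChains(dep, targetName, targetVersion, here));
  }
  return chains;
}

// Direct dependencies (first hop of each chain) that need an upgrade
// before the flagged transitive version disappears from the tree.
function directCulprits(tree, targetName, targetVersion) {
  const firstHops = findChains(tree, targetName, targetVersion).map((c) => c[0]);
  return [...new Set(firstHops)];
}

for (const chain of findChains(sampleTree, "minimatch", "3.0.4")) {
  console.log(chain.join(" > "));
}
```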
stale commented
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.