# CVE-2022-3517
Published 2022-10-17
Priority: P336 · Severity: high · CVSS 3.1 base score: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.67% (73.9th percentile)
A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.
## Affected (7 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | node-minimatch | < node-minimatch 3.0.5+~3.0.5-1 (bookworm) | node-minimatch 3.0.5+~3.0.5-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| minimatch_project | minimatch | < 3.0.5 | 3.0.5 |
| minimatch_project | minimatch | — | — |
| minimatch_project | minimatch | >= 0 < 3.0.5 | 3.0.5 |
## CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| osv | — | 7.5 | HIGH | — |
| vendor_oracle | — | 8.6 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |
## Ubuntu
minimatch vulnerability
vendor_ubuntu · 2023-05-18
Summary: minimatch could be made to crash if it opened a specially crafted input file.
It was discovered that minimatch incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.
Instructions: In general, a standard system update will make all the necessary changes.
## Red Hat
nodejs-minimatch: ReDoS via the braceExpand function
vendor_redhat · 2022-02-06 · CVSS 7.5 · HIGH · CWE-1333
A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.
Package: openshift-logging/logging-view-plugin-rhel8 (Logging Subsystem for Red Hat OpenShift) - Not affected
Package: rhmtc/openshift-migration-ui-rhel8 (Migration Toolkit for Containers) - Affected
Package: migration-toolkit-virtualization/mtv-ui-rhel8 (Migration Toolkit for Virtualization) - Fix deferred
## Oracle
Oracle Systems Risk Matrix: Operating System Image — CVE-2021-3517
vendor_oracle · 2022-01-15 · CVSS 8.6 · HIGH
CVE: CVE-2021-3517
CVSS: 8.6
Protocol: Multiple
Remote exploit: Yes
Affected versions: Network
Advisory: cpujan2022 (JAN 2022)
## Debian
CVE-2022-3517: node-minimatch - A vulnerability was found in the minimatch package. This flaw allows a Regular E...
vendor_debian · 2022 · CVSS 7.5 · HIGH
A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.
Scope: local
bookworm: resolved (fixed in 3.0.5+~3.0.5-1)
bullseye: resolved (fixed in 3.0.4+~3.0.3-1+deb11u1)
forky: resolved (fixed in 3.0.5+~3.0.5-1)
sid: resolved (fixed in 3.0.5+~3.0.5-1)
trixie: resolved (fixed in 3.0.5+~3.0.5-1)
## GHSA
minimatch ReDoS vulnerability
ghsa · 2022-10-18 · HIGH · CWE-1333
A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.
## OSV
minimatch ReDoS vulnerability
osv · 2022-10-18 · HIGH
A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.
## OSV
CVE-2022-3517: A vulnerability was found in the minimatch package
osv · 2022-10-17 · CVSS 7.5 · HIGH
A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.
No detection rules found.
No public exploits indexed.
## Bugzilla
CVE-2022-3517 nodejs-minimatch: ReDoS via the braceExpand function
bugzilla · 2022-10-13 · CVSS 7.5 · HIGH
The nodejs-minimatch package versions before 3.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS). It's possible to cause a denial of service when calling the braceExpand function.
References:
https://github.com/grafana/grafana-image-renderer/issues/329
Discussion:
Upstream fix:
https://github.com/isaacs/minimatch/commit/a8763f4388e51956be62dc6025cec1126beeb5e6
---
Created breeze-icon-theme tracking bugs for this issue:
Affects: epel-all [bug 2135441]
Affects: fedora-all [bug 2135447]
Created cockatrice tracking bugs for this issue:
Affects: fedora-all [bug 2135448]
Created couchdb tracking bugs for this issue:
Affects: fedora-all [bug 2135449]
Created fawkes tracking bugs for this issue:
Aff
## arXiv
WildCode: An Empirical Analysis of Code Generated by ChatGPT
arxiv_fulltext · 2025-12-03
Authors: Kobra Khanmohammadi (1; ORCID 0009-0004-1414-2111), Pooria Roy (2; ORCID 0009-0004-3990-9905), Raphael Khoury (3; ORCID 0000-0002-7625-3384), Abdelwahab Hamou-Lhadj (4; ORCID 0000-0002-3319-5006), Wilfried Patrick Konan (3)
Affiliations: (1) Sheridan College, Ontario, Canada; (2) School of Computing, Queen's University, Kingston, Canada; (3) Université du Québec en Outaouais (UQO), Canada; (4) Concordia University, Montreal, Canada
## Abstract
LLM models are increasingly used to generate code, but the quality and security of this code are often uncertain. Several recent studies have raised alarm bells, indicating that such AI-generated code may be
References:
https://github.com/grafana/grafana-image-renderer/issues/329
https://github.com/isaacs/minimatch/commit/a8763f4388e51956be62dc6025cec1126beeb5e6
https://lists.debian.org/debian-lts-announce/2023/01/msg00011.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTEUUTNIEBHGKUKKLNUZSV7IEP6IP3Q3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UM6XJ73Q3NAM5KSGCOKJ2ZIA6GUWUJLK/