CVE-2024-4067MEDIUMCVSS 5.3fixed in 4.0.82024-05-14
CVE-2024-4067 [MEDIUM] CWE-1333 CVE-2024-4067: The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (R
The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bra
nvd