GMS-2016-36: Regular Expression Denial of Service
The primary function, minimatch(path, pattern) is vulnerable to ReDoS in the pattern parameter. This is because of the regular expression on line of minimatch.js: /((?:\\{2})*)(\\?)\|/g,. The problematic portion of the regex is ((?:\\{2})*) which matches against //.
Code Behaviors & Features
Detect and mitigate GMS-2016-36 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →