{"id":"CVE-2022-3517","details":"A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.","aliases":["GHSA-f8q6-p94x-37v3"],"modified":"2026-04-16T00:01:33.620331380Z","published":"2022-10-17T20:15:09.937Z","related":["ALSA-2022:8832","ALSA-2022:8833","ALSA-2022:9073","ALSA-2023:0050","ALSA-2023:0321","ALSA-2023:1743"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTEUUTNIEBHGKUKKLNUZSV7IEP6IP3Q3/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UM6XJ73Q3NAM5KSGCOKJ2ZIA6GUWUJLK/"},{"type":"ADVISORY","url":"https://github.com/grafana/grafana-image-renderer/issues/329"},{"type":"ADVISORY","url":"https://github.com/isaacs/minimatch/commit/a8763f4388e51956be62dc6025cec1126beeb5e6"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00011.html"},{"type":"REPORT","url":"https://github.com/grafana/grafana-image-renderer/issues/329"},{"type":"FIX","url":"https://github.com/grafana/grafana-image-renderer/issues/329"},{"type":"FIX","url":"https://github.com/isaacs/minimatch/commit/a8763f4388e51956be62dc6025cec1126beeb5e6"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00011.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wordpress/wordpress-develop","events":[{"introduced":"0"},{"fixed":"12cad235939dd6bdea625635bdb6bd06d2408504"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-3517.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}