Skip to content

NPM Audit - Security Vulnerability - picomatch@4.0.3 #489

Description

@mohan1149

Prerequisite
Install react-multi-carousel

picomatch is vulnerable to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as +() and *(), especially when combined with overlapping alternatives or nested extglobs, are compiled into regular expressions that can exhibit catastrophic backtracking on non-matching input.

To Reproduce
Steps to reproduce the behavior:

  1. npm install react-multi-carousel
  2. npm audit
  3. See error

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions