How to fix?
Upgrade micromatch to version 4.0.6 or higher.
Overview
Affected versions of this package are vulnerable to Inefficient Regular Expression Complexity due to the use of unsafe pattern configurations that allow greedy matching through the micromatch.braces() function. An attacker can cause the application to hang or slow down by passing a malicious payload that triggers extensive backtracking in regular expression processing.
Completion Criteria
[ ] Upgrade micromatch to version 4.0.6 or higher.
Affecting micromatch package, versions <4.0.6
How to fix? Upgrade micromatch to version 4.0.6 or higher.
Overview Affected versions of this package are vulnerable to Inefficient Regular Expression Complexity due to the use of unsafe pattern configurations that allow greedy matching through the micromatch.braces() function. An attacker can cause the application to hang or slow down by passing a malicious payload that triggers extensive backtracking in regular expression processing.
Completion Criteria