The nodejs-minimatch package versions before 3.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS). It's possible to cause a denial of service when calling the braceExpand function.
References:
https://github.com/grafana/grafana-image-renderer/issues/329
Upstream fix: https://github.com/isaacs/minimatch/commit/a8763f4388e51956be62dc6025cec1126beeb5e6
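A check for the affected range stated above, as an added example (not part of the original bug report or of the minimatch project): it scans a parsed package-lock.json for installed minimatch copies older than 3.0.5, including copies nested under other packages. The function names and the sample lockfile are constructed for illustration.

```javascript
const FIXED = [3, 0, 5]; // first fixed version, taken from the advisory text

function isBeforeFixed(version) {
  // Compare major.minor.patch only; prerelease/build suffixes are ignored.
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(version));
  if (!m) return false; // non-semver value (git URL, tarball): not flagged
  for (let i = 0; i < 3; i++) {
    const n = Number(m[i + 1]);
    if (n !== FIXED[i]) return n < FIXED[i];
  }
  return false; // exactly 3.0.5
}

function findVulnerableMinimatch(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/minimatch$/.test(path) && isBeforeFixed(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages"
  // exists, so v2 lockfiles that carry both are not counted twice).
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === 'minimatch' && isBeforeFixed(meta.version)) {
        hits.push({ path, version: meta.version });
      }
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfile, not taken from a real project.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo', version: '1.0.0' },
    'node_modules/minimatch': { version: '3.1.2' },
    'node_modules/glob/node_modules/minimatch': { version: '3.0.4' },
    'node_modules/old-tool/node_modules/minimatch': { version: '2.0.10' },
  },
};
console.log(findVulnerableMinimatch(sampleLock));
```

The top-level copy can be current while a transitive dependency still pins an old one, which is why the nested install paths are reported.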
Created breeze-icon-theme tracking bugs for this issue:
Affects: epel-all [bug 2135441]
Affects: fedora-all [bug 2135447]
Created cockatrice tracking bugs for this issue:
Affects: fedora-all [bug 2135448]
Created couchdb tracking bugs for this issue:
Affects: fedora-all [bug 2135449]
Created fawkes tracking bugs for this issue:
Affects: fedora-all [bug 2135450]
Created gnome-shell-extension-material-shell tracking bugs for this issue:
Affects: fedora-all [bug 2135451]
Created golang-entgo-ent tracking bugs for this issue:
Affects: fedora-all [bug 2135452]
Created golang-github-prometheus tracking bugs for this issue:
Affects: epel-all [bug 2135442]
Created grafana tracking bugs for this issue:
Affects: fedora-all [bug 2135453]
Created librealsense tracking bugs for this issue:
Affects: fedora-all [bug 2135454]
Created mozjs68 tracking bugs for this issue:
Affects: fedora-all [bug 2135455]
Created mozjs78 tracking bugs for this issue:
Affects: fedora-all [bug 2135456]
Created nodejs tracking bugs for this issue:
Affects: fedora-all [bug 2135440]
Created nodejs-bash-language-server tracking bugs for this issue:
Affects: fedora-all [bug 2135457]
Created nodejs-diagnostic-language-server tracking bugs for this issue:
Affects: fedora-all [bug 2135458]
Created nodejs-minimatch tracking bugs for this issue:
Affects: epel-all [bug 2135443]
Created nodejs-nodemon tracking bugs for this issue:
Affects: fedora-all [bug 2135459]
Created nodejs-tape tracking bugs for this issue:
Affects: fedora-all [bug 2135460]
Created nodejs:12/nodejs tracking bugs for this issue:
Affects: fedora-all [bug 2135461]
Created nodejs:13/nodejs tracking bugs for this issue:
Affects: epel-all [bug 2135444]
Created nodejs:14/nodejs tracking bugs for this issue:
Affects: fedora-all [bug 2135462]
Created nodejs:15/nodejs tracking bugs for this issue:
Affects: fedora-all [bug 2135464]
Created nodejs:16-epel/nodejs tracking bugs for this issue:
Affects: epel-all [bug 2135445]
Created nodejs:16/nodejs tracking bugs for this issue:
Affects: fedora-all [bug 2135465]
Created nodejs:18/nodejs tracking bugs for this issue:
Affects: fedora-all [bug 2135466]
Created opencc tracking bugs for this issue:
Affects: fedora-all [bug 2135467]
Created perl-Code-TidyAll tracking bugs for this issue:
Affects: fedora-all [bug 2135468]
Created python-howdoi tracking bugs for this issue:
Affects: fedora-all [bug 2135469]
Created seamonkey tracking bugs for this issue:
Affects: epel-all [bug 2135446]
Affects: fedora-all [bug 2135470]
Created tdlib tracking bugs for this issue:
Affects: fedora-all [bug 2135471]
Created yarnpkg tracking bugs for this issue:
Affects: fedora-all [bug 2135472]
Created zuul tracking bugs for this issue:
Affects: fedora-all [bug 2135473]
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:8832 https://access.redhat.com/errata/RHSA-2022:8832
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:8833 https://access.redhat.com/errata/RHSA-2022:8833
This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.6 for RHEL 8 Via RHSA-2022:9040 https://access.redhat.com/errata/RHSA-2022:9040
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:9073 https://access.redhat.com/errata/RHSA-2022:9073
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:0050 https://access.redhat.com/errata/RHSA-2023:0050
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:0321 https://access.redhat.com/errata/RHSA-2023:0321
This issue has been addressed in the following products: Migration Toolkit for Runtimes 1 on RHEL 8 Via RHSA-2023:0471 https://access.redhat.com/errata/RHSA-2023:0471
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Via RHSA-2023:0612 https://access.redhat.com/errata/RHSA-2023:0612
This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8 Via RHSA-2023:0630 https://access.redhat.com/errata/RHSA-2023:0630
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-3517
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2023:1533 https://access.redhat.com/errata/RHSA-2023:1533
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:1742 https://access.redhat.com/errata/RHSA-2023:1742
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:1743 https://access.redhat.com/errata/RHSA-2023:1743
This issue has been addressed in the following products: RHODF-4.13-RHEL-9 Via RHSA-2023:3742 https://access.redhat.com/errata/RHSA-2023:3742