Giters

serverless / serverless

⚡ Serverless Framework – Use AWS Lambda and other managed cloud services to build apps that auto-scale, cost nothing when idle, and boast radically low maintenance.

Home Page:https://serverless.com

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

micromatch vulnerability

mark2093 opened this issue · comments

commented

Issue description

There is a vulnerability detected (serverless@3.38.0) by Snyk regarding micromatch

Context

serverless@3.38.0 > @serverless/dashboard-plugin@7.2.3 > @serverless/platform-client@4.5.1 > fast-glob@3.3.2 > micromatch@4.0.5

Affected versions of this package are vulnerable to Inefficient Regular Expression Complexity due to the use of unsafe pattern configurations that allow greedy matching through the micromatch.braces() function. An attacker can cause the application to hang or slow down by passing a malicious payload that triggers extensive backtracking in regular expression processing.