Urgent - Security Vulnerability #19460

@Sydney-o9

Description

Summary

@sentry/node depends on minimatch ^9.0.3, which has a known ReDoS vulnerability.

Vulnerability

  • CVE: GHSA-3ppc-4f35-3m26
  • Severity: High
  • Issue: ReDoS via repeated wildcards with non-matching literal in pattern
  • Fixed in: minimatch 10.2.1+

Request

Please upgrade minimatch dependency from ^9.0.3 to ^10.2.1 in @sentry/node.

Impact

Affects @sentry/nextjs and all packages depending on @sentry/node.

References

GHSA-3ppc-4f35-3m26
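
To check whether a given install is in the state the issue describes, the following added example (not part of the original issue and not Sentry's code) walks an npm `package-lock.json` in the lockfileVersion 2/3 layout and reports every package that declares `minimatch` and resolves to a copy older than the 10.2.1 fix version the issue cites. The sample lockfile, the `glob-tool` package and every version string other than `^9.0.3` and `10.2.1` are constructed for illustration.

```javascript
// Added example: lockfile audit for minimatch copies below the fixed version.
const FIXED = [10, 2, 1]; // "Fixed in" version as stated in the issue
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v); // prerelease/build suffix ignored
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

function isBelow(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i];
  return false;
}

// Node resolution: look in the package's own node_modules, then walk up to root.
function resolveCopy(lock, pkgPath) {
  for (let base = pkgPath; ; ) {
    const candidate = (base ? base + "/" : "") + "node_modules/minimatch";
    if (lock.packages[candidate]) return candidate;
    if (!base) return null;
    const i = base.lastIndexOf("/node_modules/");
    base = i === -1 ? "" : base.slice(0, i);
  }
}

// One finding per package that declares minimatch and resolves to a copy < FIXED.
function auditMinimatch(lock) {
  const findings = [];
  for (const [pkgPath, meta] of Object.entries(lock.packages || {})) {
    const range = (meta.dependencies || {}).minimatch;
    const copy = range ? resolveCopy(lock, pkgPath) : null;
    if (!copy) continue;
    const version = lock.packages[copy].version;
    if (!isBelow(parseVersion(version), FIXED)) continue;
    const dependent = pkgPath.split("node_modules/").pop() || "<root>";
    findings.push({ dependent, range, copy, version });
  }
  return findings;
}

// Constructed sample lockfile: "glob-tool" and the version strings are made up.
const SAMPLE_LOCK = { packages: {
  "": { dependencies: { "@sentry/nextjs": "*" } },
  "node_modules/@sentry/nextjs": { version: "0.0.0", dependencies: { "@sentry/node": "*" } },
  "node_modules/@sentry/node": { version: "0.0.0", dependencies: { minimatch: "^9.0.3" } },
  "node_modules/@sentry/node/node_modules/minimatch": { version: "9.0.5" },
  "node_modules/glob-tool": { version: "1.0.0", dependencies: { minimatch: "^10.2.1" } },
  "node_modules/minimatch": { version: "10.2.1" },
} };
console.log(auditMinimatch(SAMPLE_LOCK));
```

On a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` instead of `SAMPLE_LOCK`; a nested copy pinned by a `^9.0.3` range stays flagged until the dependent widens its range or an `overrides` entry forces a newer version.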
