SnykCVELIST:CVE-2020-28469CVE-2020-28469 Regular Expression Denial of Service (ReDoS)
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
AI Score
Confidence
High
EPSS
Percentile
85.6%
This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.
CNA Affected
[
{
"product": "glob-parent",
"vendor": "n/a",
"versions": [
{
"lessThan": "5.1.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]References
github.com/gulpjs/glob-parent/blob/6ce8d11f2f1ed8e80a9526b1dc8cf3aa71f43474/index.js%23L9
github.com/gulpjs/glob-parent/pull/36
github.com/gulpjs/glob-parent/releases/tag/v5.1.2
snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBES128-1059093
snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059092
snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905
www.oracle.com/security-alerts/cpujan2022.html
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
AI Score
Confidence
High
EPSS
Percentile
85.6%