Lucene search

K
githubGitHub Advisory DatabaseGHSA-CJ88-88MR-972W
HistoryJul 18, 2022 - 5:03 p.m.

glob-parent 6.0.0 vulnerable to Regular Expression Denial of Service

2022-07-1817:03:23
CWE-400
CWE-1333
GitHub Advisory Database
github.com
45
glob-parent 6.0.0
regular expression denial of service
redos
software
vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

46.7%

glob-parent 6.0.0 is vulnerable to Regular Expression Denial of Service (ReDoS). This issue is fixed in version 6.0.1.

This vulnerability is separate from GHSA-ww39-953v-wcq6.

Affected configurations

Vulners
Node
gulpjsglob-parentMatch6.0.0node.js
VendorProductVersionCPE
gulpjsglob-parent6.0.0cpe:2.3:a:gulpjs:glob-parent:6.0.0:*:*:*:*:node.js:*:*

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

46.7%