Lucene search

GitHub Advisory DatabaseGHSA-WW39-953V-WCQ6

HistoryJun 07, 2021 - 9:56 p.m.

glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex

2021-06-0721:56:34

CWE-400

GitHub Advisory Database

github.com

901

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.012 Low

EPSS

Percentile

85.3%

JSON

This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.

CPENameOperatorVersion
glob-parentlt5.1.2

CPE	Name	Operator	Version
	glob-parent	lt	5.1.2

References

github.com/advisories/GHSA-ww39-953v-wcq6

github.com/gulpjs/glob-parent/blob/6ce8d11f2f1ed8e80a9526b1dc8cf3aa71f43474/index.js%23L9

github.com/gulpjs/glob-parent/pull/36

github.com/gulpjs/glob-parent/pull/36/commits/c6db86422a9731d4f3d332ce4a81c27ea6b0ee46

github.com/gulpjs/glob-parent/releases/tag/v5.1.2

nvd.nist.gov/vuln/detail/CVE-2020-28469

snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBES128-1059093

snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059092

snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905

www.oracle.com/security-alerts/cpujan2022.html

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.012 Low

EPSS

Percentile

85.3%

JSON

Related for GHSA-WW39-953V-WCQ6