GoogleOSV:GHSA-CJ88-88MR-972Wglob-parent 6.0.0 vulnerable to Regular Expression Denial of Service
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
29.7%
glob-parent 6.0.0 is vulnerable to Regular Expression Denial of Service (ReDoS). This issue is fixed in version 6.0.1.
This vulnerability is separate from GHSA-ww39-953v-wcq6.
| CPE | Name | Operator | Version |
|---|---|---|---|
| glob-parent | eq | 6.0.0 |
References
github.com/gulpjs/glob-parent
github.com/gulpjs/glob-parent/commit/32f6d52663b7addac38d0dff570d8127edf03f47
github.com/gulpjs/glob-parent/commit/3e9f04a3b4349db7e1962d87c9a7398cda51f339
github.com/gulpjs/glob-parent/pull/49
github.com/gulpjs/glob-parent/releases/tag/v6.0.1
github.com/opensearch-project/OpenSearch-Dashboards/issues/1103
nvd.nist.gov/vuln/detail/CVE-2021-35065
security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294
www.mend.io/vulnerability-database/CVE-2021-35065
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
29.7%