golang: io/fs: stack exhaustion in Glob

A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability...

golang: path/filepath: stack exhaustion in Glob

A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability...

glob-trans.eu Cross Site Scripting vulnerability OBB-3911606

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Fedora: Security Advisory for jakarta-oro (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: jakarta-oro-2.0.8-44.fc40

The Jakarta-ORO Java classes are a set of text-processing Java classes that provide Perl5 compatible regular expressions, AWK-like regular expressions, glob expressions, and utility classes for performing substitutions, splits, filtering filenames, etc. This library is the successor to the...

BIT-GOLANG-2022-30630 Stack exhaustion in Glob on certain paths in io/fs

Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators...

BIT-GOLANG-2022-30632 Stack exhaustion on crafted paths in path/filepath

Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators...

BIT-GULP-2020-28469 Regular Expression Denial of Service (ReDoS)

This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator...

CVE-2024-23331 Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem

Vite is a frontend tooling framework for javascript. The Vite dev server option server.fs.deny can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092 -- with surface area...

PT-2024-19813 · Vite · Vite

Name of the Vulnerable Software and Affected Versions: Vite versions prior to 2.9.17 Vite versions prior to 3.2.8 Vite versions prior to 4.5.2 Vite versions prior to 5.0.12 Description: The Vite dev server option server.fs.deny can be bypassed on case-insensitive file systems using case-augmented...

Security Bulletin: IBM Watson Machine Learning Accelerator on Cloud Pak for Data is vulnerable to multiple vulnerabilities

Summary IBM Watson Machine Learning Accelerator on Cloud Pak for Data is affected by opennms-opennms-source-26.0.0-1 dependent packages. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2020-8116 DESCRIPTION: Node.js dot-prop could allow a...

Rocky Linux 8 : nodejs:14 (RLSA-2022:0350)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0350 advisory. - This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator...

SUSE CVE-2020-28469

This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator...

SUSE CVE-2021-35065

The glob-parent package before 6.0.1 for Node.js allows ReDoS regular expression denial of service attacks against the enclosure regular expression...

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js glob-parent denial of service vulnerability( CVE-2021-35065)

Summary Potential Node.js glob-parent denial of service vulnerability CVE-2021-35065 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2021-35065 DESCRIPTION: Node.js glob-parent module...

nodejs:18 security, bug fix, and enhancement update

nodejs 1:18.14.2-2 - Provide simduft - Resolves: 2159389 1:18.14.2-1 - Rebase to 18.14.2 - Resolves: 2159389 - Resolves: CVE-2022-25881, CVE-2022-4904, CVE-2023-23936, CVE-2023-24807 - Resolves: CVE-2023-23918, CVE-2023-23919, CVE-2023-23920 nodejs-nodemon 2.0.20-2 - Patch bundled glob-parent -...

golang: path/filepath: stack exhaustion in Glob

A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability...

golang: io/fs: stack exhaustion in Glob

A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability...

golang: io/fs: stack exhaustion in Glob

A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability...

golang: path/filepath: stack exhaustion in Glob

A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability...