PT-2022-10388

Name of the Vulnerable Software and Affected Versions glob-parent versions prior to 6.0.1 Description The issue allows ReDoS regular expression denial of service attacks against the enclosure regular expression in the glob-parent package for Node.js. Recommendations For versions prior to 6.0.1,...

Updated golang packages fix security vulnerability

net/http: improper sanitization of Transfer-Encoding header The HTTP/1 client accepted some invalid Transfer-Encoding headers as indicating a "chunked" encoding. This could potentially allow for request smuggling, but only if combined with an intermediate server that also improperly failed to...

CVE-2022-30630

A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability...

PT-2022-20220 · Go +8 · Go +8

Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.17.12 Go versions prior to 1.18.4 Description: The issue is related to uncontrolled recursion in Glob in io/fs, which allows an attacker to cause a panic due to stack exhaustion. This can be achieved by providing a path...

PT-2022-20221 · Go +9 · Go +9

Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.17.12 Go versions prior to 1.18.4 Description: The issue is related to uncontrolled recursion in Glob in path/filepath, which allows an attacker to cause a panic due to stack exhaustion via a path containing a large...

new packages: perl-Text-Glob

An update is available for perl-Text-Glob. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

The vulnerability of the bsd_glob function in the Perl programming language allows a hacker to trigger a service failure.

The vulnerability of the bsdglob function in the Perl programming language is related to resource release errors. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures...

Slackware: Security Advisory (SSA:2016-308-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AlmaLinux 8 : nodejs:16 (ALSA-2021:5171)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:5171 advisory. nodejs-json-schema: Prototype pollution vulnerability CVE-2021-3918 nodejs-ini: Prototype pollution via malicious INI file CVE-2020-7788 nodejs-glob-paren...

AlmaLinux 8 : nodejs:14 (ALSA-2022:0350)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:0350 advisory. nodejs-json-schema: Prototype pollution vulnerability CVE-2021-3918 nodejs-ini: Prototype pollution via malicious INI file CVE-2020-7788 nodejs-glob-paren...

nodejs-glob-parent: Regular expression denial of service

A flaw was found in nodejs-glob-parent. The enclosure regex used to check for glob enclosures containing backslashes is vulnerable to Regular Expression Denial of Service attacks. This flaw allows an attacker to cause a denial of service if they can supply a malicious string to the glob-parent...

RHEL 8 : nodejs:14 (RHSA-2022:0246)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0246 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

nodejs-glob-parent: Regular expression denial of service

A flaw was found in nodejs-glob-parent. The enclosure regex used to check for glob enclosures containing backslashes is vulnerable to Regular Expression Denial of Service attacks. This flaw allows an attacker to cause a denial of service if they can supply a malicious string to the glob-parent...

The vulnerability of the `glob` function in the GNU C library allows a hacker to execute arbitrary code.

The vulnerability of the glob function in the GNU C library is related to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

nodejs-glob-parent: Regular expression denial of service

A flaw was found in nodejs-glob-parent. The enclosure regex used to check for glob enclosures containing backslashes is vulnerable to Regular Expression Denial of Service attacks. This flaw allows an attacker to cause a denial of service if they can supply a malicious string to the glob-parent...

Oracle Linux 8 : nodejs:16 (ELSA-2021-5171)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-5171 advisory. - Resolves CVE-2020-28469 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has...

RLSA-2021:5171 Moderate: nodejs:16 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 16.13.1, nodejs-nodemon 2.0.15. BZ2027610 Security Fixes: nodejs-json-schema:...

nodejs-glob-parent: Regular expression denial of service

A flaw was found in nodejs-glob-parent. The enclosure regex used to check for glob enclosures containing backslashes is vulnerable to Regular Expression Denial of Service attacks. This flaw allows an attacker to cause a denial of service if they can supply a malicious string to the glob-parent...

Privilege Escalation

github.com/hashicorp/vault is vulnerable to privilege escalation. The vulnerability exists due to the unexpected interaction between glob-related policies and the google cloud secrets engine, which allows an attacker with read permission to read all the rolesets and perform unauthorized actions...

GHSA-362V-WG5P-64W2 Incorrect Privilege Assignment in HashiCorp Vault

HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/ path may be abl...