CVE-2021-42135

CVE-2021-42135 affects HashiCorp Vault and Vault Enterprise 1.8.x–1.8.4, describing an unexpected interaction between glob-related policies and the Google Cloud secrets engine. The root cause is a policy-glob interaction that may grant more privileges than intended, e.g., a user with read access ...

PT-2021-23554 · Hashicorp +1 · Hashicorp Vault +2

Name of the Vulnerable Software and Affected Versions: HashiCorp Vault and Vault Enterprise versions 1.8.x through 1.8.4 Description: The issue is related to an unexpected interaction between glob-related policies and the Google Cloud secrets engine. This may result in users having more privilege...

nodejs-glob-parent: Regular expression denial of service

A flaw was found in nodejs-glob-parent. The enclosure regex used to check for glob enclosures containing backslashes is vulnerable to Regular Expression Denial of Service attacks. This flaw allows an attacker to cause a denial of service if they can supply a malicious string to the glob-parent...

nodejs-glob-parent: Regular expression denial of service

A flaw was found in nodejs-glob-parent. The enclosure regex used to check for glob enclosures containing backslashes is vulnerable to Regular Expression Denial of Service attacks. This flaw allows an attacker to cause a denial of service if they can supply a malicious string to the glob-parent...

RHEL 7 : rh-nodejs12-nodejs and rh-nodejs12-nodejs-nodemon (RHSA-2021:3281)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3281 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

Regular Expression Denial Of Service (ReDoS)

glob-parent is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability exists due to an incorrect regex implementation on the enclosure variable. This vulnerability is caused by an incomplete fix of CVE-2020-28469...

nodejs-glob-parent: Regular expression denial of service

A flaw was found in nodejs-glob-parent. The enclosure regex used to check for glob enclosures containing backslashes is vulnerable to Regular Expression Denial of Service attacks. This flaw allows an attacker to cause a denial of service if they can supply a malicious string to the glob-parent...

Moderate: Red Hat Security Advisory: RHV Manager (ovirt-engine) security update [ovirt-4.4.7]

Updated ovirt-engine packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

The vulnerability of the library/glob.html package in Python programs, which allows a perpetrator to compromise the integrity of protected information

The vulnerability of the library/glob.html package in Python is related to incorrect calculations. Exploiting this vulnerability could allow a remote attacker to compromise the integrity of the protected information...

The vulnerability of the `glob` function in the glibc library of the Aurora operating system, related to the use of memory after it is freed, allows a hacker to increase their privileges and execute arbitrary code.

The vulnerability of the glob function in the glibc library of the Aurora operating system is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to enhance their privileges and execute arbitrary code...

SUSE: Security Advisory (SUSE-SU-2013:1251-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Regular expression denial of service

Overview glob-parent before 5.1.2 has a regular expression denial of service vulnerability. The enclosure regex used to check for strings ending in enclosure containing path separator. Recommendation Upgrade to version 5.1.2 or later References - CVE - GitHub Advisory...

@aisino/cli-plugin-unit-mocha (>=0.0.1 <=1.0.15), @aws-amplify/cli (=4.44.1-beta.0) +29 more potentially affected by CVE-2020-28469 via glob-parent (>=5.0.0 <=5.1.1)

glob-parent NPM version =5.0.0, =0.0.1, =0.0.1, =5.0.1, =0.6.1, =0.14.0, =26.4.0, =0.0.2, =4.0.0, =1.0.0, =2.21.3-beta.0, =2.22.2-dev.11 - amplify-provider-awscloudformation =4.39.1-beta.0 - amplify-util-mock =3.28.1-beta.0 and more Source cves: CVE-2020-28469 Source advisory:...

GHSA-WW39-953V-WCQ6 glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex

This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator...

glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex

This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator...

CVE-2020-28469

This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator...

CVE-2020-28469

This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator...

AZL-44118 CVE-2020-28469 affecting package nodejs-nodemon 2.0.3-5

This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator...

AZL-44862 CVE-2020-28469 affecting package js-jquery 3.5.0-4

This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator...

DEBIAN-CVE-2020-28469

This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator...