2 matches found
@actions-for-rust/core (>=0.1.6 <=0.1.8), @actions-rs-plus/core (>=0.0.0 <=0.7.5) +128 more potentially affected by CVE-2025-5890 via @actions/glob (>=0.1.2 <=0.7.0)
@actions/glob NPM version =0.1.2, =0.1.6, =0.0.0, =0.1.0, =1.0.1-2a6268e89ea5fbc66dadd1d897cac75b3f0a63e4.0, =0.1.0, =1.0.0, =4.0.0, =3.2.5, =1.1.0, =3.2.2, =2.0.0, =2.0.3 and more Source cves: CVE-2025-5890 Source advisory: SNYK:JS-ACTIONSGLOB-11484208...
CVE-2025-5890
A vulnerability classified as problematic has been found in actions toolkit 0.5.0. This affects the function globEscape of the file toolkit/packages/glob/src/internal-pattern.ts of the component glob. The manipulation leads to inefficient regular expression complexity. It is possible to initiate...