CVE-2021-35065

The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
Affected Products (NVD)
VendorProductVersion
gulpjsglob-parent
6.0.0 ≤
𝑥
< 6.0.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
node-glob-parent
bookworm
6.0.2+~5.1.1-2
fixed
bullseye
no-dsa
buster
no-dsa
sid
6.0.2+~5.1.1-2
fixed
trixie
6.0.2+~5.1.1-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
node-glob-parent
bionic
needs-triage
focal
needs-triage
jammy
not-affected
kinetic
not-affected
lunar
not-affected
mantic
not-affected
noble
not-affected
trusty
ignored
xenial
ignored
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
nodejs
RHEL 9
1:16.19.1-1.el9_2
fixed
nodejs-docs
RHEL 9
1:16.19.1-1.el9_2
fixed
nodejs-full-i18n
RHEL 9
1:16.19.1-1.el9_2
fixed
nodejs-libs
RHEL 9
1:16.19.1-1.el9_2
fixed
nodejs-nodemon
RHEL 9
0:2.0.20-3.el9_2
fixed
npm
RHEL 9
1:8.19.3-1.16.19.1.1.el9_2
fixed
Common Weakness Enumeration
References
https://github.com/gulpjs/glob-parent/commit/3e9f04a3b4349db7e1962d87c9a7398cda51f339
https://github.com/gulpjs/glob-parent/pull/49
https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294
https://github.com/gulpjs/glob-parent/commit/3e9f04a3b4349db7e1962d87c9a7398cda51f339
https://github.com/gulpjs/glob-parent/pull/49
https://security.netapp.com/advisory/ntap-20230214-0010/
https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294