CVE-2021-35065 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA-ADP	ADP	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 62%

Affected Products (NVD)

Vendor	Product	Version
gulpjs	glob-parent	6.0.0 ≤ 𝑥 < 6.0.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

node-glob-parent

bookworm	6.0.2+~5.1.1-2 fixed
bullseye	no-dsa
buster	no-dsa
sid	6.0.2+~5.1.1-2 fixed
trixie	6.0.2+~5.1.1-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

node-glob-parent

bionic	needs-triage
focal	needs-triage
jammy	not-affected
kinetic	not-affected
lunar	not-affected
mantic	not-affected
noble	not-affected
trusty	ignored
xenial	ignored

Known Exploits!

Common Weakness Enumeration

CWE-1333 - Inefficient Regular Expression Complexity
The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

References

https://github.com/gulpjs/glob-parent/commit/3e9f04a3b4349db7e1962d87c9a7398cda51f339

https://github.com/gulpjs/glob-parent/pull/49

https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294

https://github.com/gulpjs/glob-parent/commit/3e9f04a3b4349db7e1962d87c9a7398cda51f339

https://github.com/gulpjs/glob-parent/pull/49

https://security.netapp.com/advisory/ntap-20230214-0010/

https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294