Lucene search

SnykCVELIST:CVE-2020-28469

HistoryJun 03, 2021 - 12:00 a.m.

CVE-2020-28469 Regular Expression Denial of Service (ReDoS)

2021-06-0300:00:00

snyk

www.cve.org

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

8.5 High

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.6%

JSON

This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.

CNA Affected

[
  {
    "product": "glob-parent",
    "vendor": "n/a",
    "versions": [
      {
        "lessThan": "5.1.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/gulpjs/glob-parent/blob/6ce8d11f2f1ed8e80a9526b1dc8cf3aa71f43474/index.js%23L9

github.com/gulpjs/glob-parent/pull/36

github.com/gulpjs/glob-parent/releases/tag/v5.1.2

snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBES128-1059093

snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059092

snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905

www.oracle.com/security-alerts/cpujan2022.html

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

8.5 High

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.6%

JSON

Related for CVELIST:CVE-2020-28469