The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression.

References

github.com/gulpjs/glob-parent/commit/3e9f04a3b4349db7e1962d87c9a7398cda51f339

github.com/gulpjs/glob-parent/pull/49

security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294

nessus 30

nvd 1

fedora 4

openvas 4

redhatcve 1

osv 10

debiancve 1

ibm 10

cve 1

prion 1

ubuntucve 1

github 1

veracode 1

almalinux 4

oraclelinux 4

rocky 3

redhat 15

nessus

Fedora 36 : yarnpkg (2023-5c6f32db6f)

2023-01-12 00:00:00

Fedora 37 : pgadmin4 (2023-496439cbdd)

2024-04-29 00:00:00

Fedora 37 : yarnpkg (2023-8d4b772755)

2024-04-29 00:00:00

nvd

CVE-2021-35065

2022-12-26 07:15:11

fedora

[SECURITY] Fedora 37 Update: yarnpkg-1.22.19-2.fc37

2023-01-12 01:53:57

[SECURITY] Fedora 37 Update: pgadmin4-6.18-2.fc37

2023-01-12 01:53:58

[SECURITY] Fedora 36 Update: yarnpkg-1.22.19-2.fc36

2023-01-12 01:35:37

openvas

Fedora: Security Advisory for yarnpkg (FEDORA-2023-8d4b772755)

2023-01-12 00:00:00

Fedora: Security Advisory for pgadmin4 (FEDORA-2023-496439cbdd)

2023-01-12 00:00:00

Fedora: Security Advisory for yarnpkg (FEDORA-2023-5c6f32db6f)

2023-01-12 00:00:00

redhatcve

CVE-2021-35065

2022-12-26 12:34:50

osv

CVE-2021-35065

2022-12-26 07:15:11

glob-parent 6.0.0 vulnerable to Regular Expression Denial of Service

2022-07-18 17:03:23

BIT-gulp-2021-35065

2024-03-06 10:52:58

debiancve

CVE-2021-35065

2022-12-26 07:15:11

ibm

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js glob-parent denial of service vulnerability( CVE-2021-35065)

2023-07-05 22:16:30

Security Bulletin: Open Source Dependency Vulnerability

2023-05-15 18:26:00

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js

2021-11-30 16:26:43

cve

CVE-2021-35065

2022-12-26 07:15:11

prion

Code injection

2022-12-26 07:15:00

ubuntucve

CVE-2021-35065

2022-12-26 00:00:00

github

glob-parent 6.0.0 vulnerable to Regular Expression Denial of Service

2022-07-18 17:03:23

veracode

Regular Expression Denial Of Service (ReDoS)

2021-07-27 06:48:58

almalinux

Moderate: nodejs:18 security, bug fix, and enhancement update

2023-04-04 00:00:00

Important: nodejs:14 security, bug fix, and enhancement update

2023-04-12 00:00:00

Moderate: nodejs:16 security, bug fix, and enhancement update

2023-04-04 00:00:00

oraclelinux

nodejs:18 security, bug fix, and enhancement update

2023-04-05 00:00:00

nodejs:14 security, bug fix, and enhancement update

2023-04-12 00:00:00

nodejs:18 security, bug fix, and enhancement update

2023-05-17 00:00:00

rocky

nodejs:18 security, bug fix, and enhancement update

2023-04-06 15:52:43

nodejs:14 security, bug fix, and enhancement update

2023-04-26 15:28:13

nodejs:16 security, bug fix, and enhancement update

2023-04-06 15:52:43

redhat

(RHSA-2023:0612) Moderate: rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon security update

2023-02-06 19:29:10

(RHSA-2023:1743) Important: nodejs:14 security, bug fix, and enhancement update

2023-04-12 14:37:46

(RHSA-2023:1583) Moderate: nodejs:18 security, bug fix, and enhancement update

2023-04-04 08:51:34

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.3%

JSON

Related for CVELIST:CVE-2021-35065