Lucene search
GoogleOSV:CVE-2021-35065HistoryDec 26, 2022 - 7:15 a.m.
CVE-2021-35065
2022-12-2607:15:11
Google
osv.dev
11
cve-2021-35065
node.js
glob-parent
redos
vulnerability
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.7 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
34.0%
The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression.
| CPE | Name | Operator | Version |
|---|---|---|---|
| glob-parent | eq | 1.0.0 | |
| glob-parent | eq | 3.0.1 | |
| glob-parent | eq | 1.2.0 | |
| glob-parent | eq | 1.3.0 | |
| glob-parent | eq | 5.0.0 | |
| glob-parent | eq | 5.1.0 | |
| glob-parent | eq | 5.1.1 | |
| glob-parent | eq | 5.1.2 | |
| glob-parent | eq | 1.1.0 | |
| glob-parent | eq | 3.0.0 |
Related
nessus
nessus
Fedora 36 : yarnpkg (2023-5c6f32db6f)
2023-01-12 00:00:00
Fedora 37 : yarnpkg (2023-8d4b772755)
2024-04-29 00:00:00
RHEL 6 : glob-parent (Unpatched Vulnerability)
2024-05-11 00:00:00
nvd
nvd
CVE-2021-35065
2022-12-26 07:15:11
fedora
fedora
[SECURITY] Fedora 37 Update: yarnpkg-1.22.19-2.fc37
2023-01-12 01:53:57
[SECURITY] Fedora 36 Update: yarnpkg-1.22.19-2.fc36
2023-01-12 01:35:37
[SECURITY] Fedora 37 Update: pgadmin4-6.18-2.fc37
2023-01-12 01:53:58
openvas
openvas
Fedora: Security Advisory for yarnpkg (FEDORA-2023-8d4b772755)
2023-01-12 00:00:00
Fedora: Security Advisory for pgadmin4 (FEDORA-2023-496439cbdd)
2023-01-12 00:00:00
Fedora: Security Advisory for yarnpkg (FEDORA-2023-5c6f32db6f)
2023-01-12 00:00:00
prion
prion
Code injection
2022-12-26 07:15:00
ubuntucve
ubuntucve
CVE-2021-35065
2022-12-26 00:00:00
cve
cve
CVE-2021-35065
2022-12-26 07:15:11
osv
osv
BIT-gulp-2021-35065
2024-03-06 10:52:58
glob-parent 6.0.0 vulnerable to Regular Expression Denial of Service
2022-07-18 17:03:23
Moderate: nodejs:18 security, bug fix, and enhancement update
2023-04-04 00:00:00
redhatcve
redhatcve
CVE-2021-35065
2022-12-26 12:34:50
debiancve
debiancve
CVE-2021-35065
2022-12-26 07:15:11
ibm
ibm
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js glob-parent denial of service vulnerability( CVE-2021-35065)
2023-07-05 22:16:30
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js
2021-11-30 16:26:43
Security Bulletin: Open Source Dependency Vulnerability
2023-05-15 18:26:00
cvelist
cvelist
CVE-2021-35065
2022-12-26 00:00:00
github
github
glob-parent 6.0.0 vulnerable to Regular Expression Denial of Service
2022-07-18 17:03:23
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2021-07-27 06:48:58
almalinux
almalinux
Moderate: nodejs:18 security, bug fix, and enhancement update
2023-04-04 00:00:00
Moderate: nodejs:16 security, bug fix, and enhancement update
2023-04-04 00:00:00
Important: nodejs:14 security, bug fix, and enhancement update
2023-04-12 00:00:00
redhat
redhat
oraclelinux
oraclelinux
nodejs:18 security, bug fix, and enhancement update
2023-04-05 00:00:00
nodejs:18 security, bug fix, and enhancement update
2023-05-17 00:00:00
nodejs:14 security, bug fix, and enhancement update
2023-04-12 00:00:00
rocky
rocky
nodejs:18 security, bug fix, and enhancement update
2023-04-06 15:52:43
nodejs:16 security, bug fix, and enhancement update
2023-04-06 15:52:43
nodejs:14 security, bug fix, and enhancement update
2023-04-26 15:28:13
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.7 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
34.0%
Related for OSV:CVE-2021-35065