High severityNVD Advisory· Published Jun 3, 2021· Updated Sep 16, 2024
Regular Expression Denial of Service (ReDoS)
CVE-2020-28469
Description
This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
glob-parentnpm | >= 4.0.0, < 5.1.2 | 5.1.2 |
Affected products
11- glob-parent/glob-parentdescription
- osv-coords10 versionspkg:bitnami/gulppkg:npm/glob-parentpkg:rpm/almalinux/nodejspkg:rpm/almalinux/nodejs-develpkg:rpm/almalinux/nodejs-docspkg:rpm/almalinux/nodejs-full-i18npkg:rpm/almalinux/nodejs-libspkg:rpm/almalinux/nodejs-nodemonpkg:rpm/almalinux/nodejs-packagingpkg:rpm/almalinux/npm
< 5.1.2+ 9 more
- (no CPE)range: < 5.1.2
- (no CPE)range: >= 4.0.0, < 5.1.2
- (no CPE)range: < 1:16.13.1-3.module_el8.5.0+2605+45d748af
- (no CPE)range: < 1:16.13.1-3.module_el8.5.0+2605+45d748af
- (no CPE)range: < 1:16.13.1-3.module_el8.5.0+2605+45d748af
- (no CPE)range: < 1:16.13.1-3.module_el8.5.0+2605+45d748af
- (no CPE)range: < 1:16.16.0-1.el9_0
- (no CPE)range: < 2.0.15-1.module_el8.6.0+2904+f21ad6f4
- (no CPE)range: < 25-1.module_el8.5.0+246+05401605
- (no CPE)range: < 1:8.1.2-1.16.13.1.3.module_el8.5.0+2605+45d748af
Patches
Vulnerability mechanics
References
11- github.com/advisories/GHSA-ww39-953v-wcq6ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-28469ghsaADVISORY
- github.com/gulpjs/glob-parent/blob/6ce8d11f2f1ed8e80a9526b1dc8cf3aa71f43474/index.js%23L9ghsax_refsource_MISCWEB
- github.com/gulpjs/glob-parent/commit/4a80667c69355c76a572a5892b0f133c8e1f457eghsaWEB
- github.com/gulpjs/glob-parent/pull/36ghsax_refsource_MISCWEB
- github.com/gulpjs/glob-parent/pull/36/commits/c6db86422a9731d4f3d332ce4a81c27ea6b0ee46ghsaWEB
- github.com/gulpjs/glob-parent/releases/tag/v5.1.2ghsax_refsource_MISCWEB
- snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBES128-1059093ghsax_refsource_MISCWEB
- snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059092ghsax_refsource_MISCWEB
- snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905ghsax_refsource_MISCWEB
- www.oracle.com/security-alerts/cpujan2022.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.