High severityNVD Advisory· Published Dec 26, 2022· Updated Apr 14, 2025
CVE-2021-35065
CVE-2021-35065
Description
The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
glob-parentnpm | >= 6.0.0, < 6.0.1 | 6.0.1 |
Affected products
10- osv-coords10 versionspkg:bitnami/gulppkg:npm/glob-parentpkg:rpm/almalinux/nodejspkg:rpm/almalinux/nodejs-develpkg:rpm/almalinux/nodejs-docspkg:rpm/almalinux/nodejs-full-i18npkg:rpm/almalinux/nodejs-nodemonpkg:rpm/almalinux/nodejs-packagingpkg:rpm/almalinux/nodejs-packaging-bundlerpkg:rpm/almalinux/npm
>= 6.0.0, < 6.0.1+ 9 more
- (no CPE)range: >= 6.0.0, < 6.0.1
- (no CPE)range: >= 6.0.0, < 6.0.1
- (no CPE)range: < 1:16.19.1-1.module_el8.7.0+3496+a59a3324
- (no CPE)range: < 1:16.19.1-1.module_el8.7.0+3496+a59a3324
- (no CPE)range: < 1:16.19.1-1.module_el8.7.0+3496+a59a3324
- (no CPE)range: < 1:16.19.1-1.module_el8.7.0+3496+a59a3324
- (no CPE)range: < 2.0.20-3.module_el8.7.0+3496+a59a3324
- (no CPE)range: < 25-1.module_el8.5.0+2605+45d748af
- (no CPE)range: < 2021.06-4.module_el8.7.0+3343+ea2b7901
- (no CPE)range: < 1:8.19.3-1.16.19.1.1.module_el8.7.0+3496+a59a3324
Patches
Vulnerability mechanics
References
10- github.com/advisories/GHSA-cj88-88mr-972wghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-35065ghsaADVISORY
- github.com/gulpjs/glob-parent/commit/32f6d52663b7addac38d0dff570d8127edf03f47ghsaWEB
- github.com/gulpjs/glob-parent/commit/3e9f04a3b4349db7e1962d87c9a7398cda51f339ghsaWEB
- github.com/gulpjs/glob-parent/pull/49ghsaWEB
- github.com/gulpjs/glob-parent/releases/tag/v6.0.1ghsaWEB
- github.com/opensearch-project/OpenSearch-Dashboards/issues/1103ghsaWEB
- security.netapp.com/advisory/ntap-20230214-0010ghsaWEB
- security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294ghsaWEB
- www.mend.io/vulnerability-database/CVE-2021-35065ghsaWEB
News mentions
0No linked articles in our index yet.