PT-2021-11537 · Npm+6 · Glob-Parent+6

Yeting Li

Published

2021-01-12

Updated

2026-02-17

CVE-2020-28469

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: glob-parent versions prior to 5.1.2

Description: The issue is related to the enclosure regex used to check for strings ending in enclosure containing path separator.

Recommendations: For versions prior to 5.1.2, update to version 5.1.2 or later to resolve the issue.

Exploit

Fix

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

ALSA-2021:5171

ALSA-2022:0350

ALSA-2022:6595

AZL-44118

AZL-44862

BIT-GULP-2020-28469

CESA-2021_5171

CESA-2022_0350

CVE-2020-28469

GHSA-WW39-953V-WCQ6

RHSA-2021:2865

RHSA-2021:3280

RHSA-2021:3281

RHSA-2021:4626

RHSA-2021:5171

RHSA-2021_5171

RHSA-2022:0246

RHSA-2022:0350

RHSA-2022:6595

RHSA-2022_0350

RHSA-2022_6595

RLSA-2021:5171

RLSA-2022:0350

RLSA-2022:6595

SNYK-JAVA-ORGWEBJARSBOWERGITHUBES128-1059093

SNYK-JAVA-ORGWEBJARSNPM-1059092

SNYK-JS-GLOBPARENT-1016905

Affected Products

Almalinux

Astra Linux

Centos

Confluence

Red Hat

Rocky Linux

Glob-Parent

CVE-2020-28469

Weakness Enumeration

Related Identifiers

Affected Products

References · 83