CVE-2021-35065

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions glob-parent versions prior to 6.0.1

Description The issue allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression in the glob-parent package for Node.js.

Recommendations For versions prior to 6.0.1, update to version 6.0.1 to resolve the issue. As a temporary workaround, consider restricting the use of regular expressions in the enclosure until the update is applied.

Exploit

Fix

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400CWE-1333

Related Identifiers

ALSA-2023:1582

ALSA-2023:1583

ALSA-2023:1743

ALSA-2023:2654

BIT-GULP-2021-35065

CESA-2023_1582

CESA-2023_1583

CESA-2023_1743

CVE-2021-35065

GHSA-CJ88-88MR-972W

RHSA-2023:0612

RHSA-2023:1043

RHSA-2023:1044

RHSA-2023:1045

RHSA-2023:1533

RHSA-2023:1582

RHSA-2023:1583

RHSA-2023:1742

RHSA-2023:1743

RHSA-2023:2654

RHSA-2023:2655

RHSA-2023_1582

RHSA-2023_1583

RHSA-2023_1743

RHSA-2023_2654

RHSA-2023_2655

RLSA-2023:1582

RLSA-2023:1583

RLSA-2023:1743

Affected Products

Almalinux

Centos

Debian

Red Hat

Rocky Linux

Glob-Parent

CVE-2021-35065

Weakness Enumeration

Related Identifiers

Affected Products

References · 78