PT-2025-24551 · Unknown · Actions Toolkit
Mmmsssttt · Published 2025-06-09 · Updated 2025-06-09 · CVE-2025-5890
CVSS v4.0: 5.3 Medium
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
actions toolkit version 0.5.0
Description
A problematic vulnerability has been found in the actions toolkit. This issue affects the globEscape function of the glob component, specifically in the file toolkit/packages/glob/src/internal-pattern.ts. The manipulation leads to inefficient regular expression complexity, and it is possible to initiate the attack remotely.
Recommendations
For actions toolkit version 0.5.0, consider restricting the use of the globEscape function until a patch is available. As a temporary workaround, avoid using the glob component in situations where remote attacks are a concern.
Fix
Resource Exhaustion
DoS
Related Identifiers
Affected Products
Actions Toolkit