crossfeed
glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex
🐛 Summary
This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.
In frontend/package-lock.json, upgrade glob-parent to version 5.1.2 or later. For example:
"dependencies": {
  "glob-parent": ">=5.1.2"
}
CVE-2020-28469
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Thanks, want to contribute a PR to upgrade the version?
Hi! @epicfaace Thank you for your response, of course I appreciate that.
Upgrade glob-parent to version 5.1.2.
"dependencies": {
  "glob-parent": ">=5.1.2"
}
I would love to be invited to the [CisaGov] repository. I really appreciate it. In the future I will patch/fix all vulnerabilities that exist in each cisagov project / repo.
Please fork the repository and submit a pull request!
Hello, I have this vulnerability problem with my AdonisJS project. Could you please help me? Thanks.
glob-parent  <5.1.2
Severity: high
glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex - https://github.com/advisories/GHSA-ww39-953v-wcq6
No fix available
node_modules/fast-glob/node_modules/glob-parent
  fast-glob  <=2.2.7
  Depends on vulnerable versions of glob-parent
  node_modules/fast-glob
    globby  8.0.0 - 9.2.0
    Depends on vulnerable versions of fast-glob
    node_modules/globby
      cpy  7.0.0 - 8.1.2
      Depends on vulnerable versions of globby
      node_modules/cpy
        @adonisjs/assembler  *
        Depends on vulnerable versions of cpy
        node_modules/@adonisjs/assembler
Of course, nope
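
The audit output above shows the vulnerable copy nested under fast-glob, so a top-level glob-parent of 5.1.2 does not by itself clear the finding. The following is an added example, not code from this thread or from the crossfeed project: it lists every glob-parent copy below 5.1.2 in an npm lockfile's `packages` map (lockfileVersion 2 or 3 is assumed). The sample lockfile and its version numbers are constructed for illustration, and the function names are hypothetical.

```javascript
// Added example: locate every installed glob-parent older than 5.1.2,
// including copies nested under other packages' node_modules.
const FIXED = [5, 1, 2]; // first fixed version named in the issue

// Parse "x.y.z" (any pre-release/build suffix is ignored) into numbers.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v || "");
  return m ? m.slice(1).map(Number) : null;
}

// True when version triple a is strictly lower than b.
function isBelow(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Returns [{ path, version }] for each vulnerable copy in the lockfile.
function findVulnerableGlobParent(lock) {
  const marker = "node_modules/";
  const found = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf(marker);
    if (idx === -1) continue; // root entry or workspace path
    // The package name is whatever follows the last "node_modules/".
    if (path.slice(idx + marker.length) !== "glob-parent") continue;
    const ver = parseVersion(meta.version);
    // An unparsable version is reported too, so it gets looked at by hand.
    if (ver === null || isBelow(ver, FIXED)) {
      found.push({ path, version: meta.version });
    }
  }
  return found;
}

// Constructed sample: the top-level copy is fixed, the nested one is not.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "frontend" },
    "node_modules/glob-parent": { version: "5.1.2" },
    "node_modules/fast-glob": { version: "2.2.7" },
    "node_modules/fast-glob/node_modules/glob-parent": { version: "3.1.0" },
  },
};

console.log(findVulnerableGlobParent(sampleLock));
```

To check a real project, pass the parsed contents of its lockfile (for example `JSON.parse(fs.readFileSync("frontend/package-lock.json", "utf8"))`) instead of `sampleLock`.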