Fluid Attacks Database

Description

The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	node-glob-parent	>=0 <6.0.2+~5.1.1-1	6.0.2+~5.1.1-1
npm	glob-parent	=6.0.0 \|\| >=6.0.0 <6.0.1	6.0.1
debian 11	node-glob-parent	=5.1.1+~5.1.0-2 \|\| =5.1.1+~5.1.0-3 \|\| =6.0.2+~5.1.1-1 \|\| =6.0.2+~5.1.1-2 \|\| =6.0.2+~5.1.3-1	-
debian 12	node-glob-parent	>=0 <6.0.2+~5.1.1-1	6.0.2+~5.1.1-1
debian 13	node-glob-parent	>=0 <6.0.2+~5.1.1-1	6.0.2+~5.1.1-1
rpm rhel9	nodejs-nodemon	<0:2.0.20-3.el9_2	0:2.0.20-3.el9_2
rpm rhel9	gjs	-	-
rpm rhel8.4	nodejs	<1:14.21.3-1.module+el8.4.0+18317+43f5ac16	1:14.21.3-1.module+el8.4.0+18317+43f5ac16
rpm rhel8.6	nodejs	<1:14.21.3-1.module+el8.6.0+18532+cbe6f646	1:14.21.3-1.module+el8.6.0+18532+cbe6f646
rpm rhel9	nodejs	<1:16.19.1-1.el9_2	1:16.19.1-1.el9_2

1-10 of 15

Aliases

1. CVE-2021-350652. NVD-2021-350653. OSV-DEBIAN-2021-350654. OSV-2021-350655. GCVE-2021-350656. SECURITY-TRACKER-CVE-2021-35065

References

1. https://github.com/opensearch-project/OpenSearch-Dashboards/issues/11032. https://github.com/gulpjs/glob-parent/pull/493. https://github.com/gulpjs/glob-parent/commit/32f6d52663b7addac38d0dff570d8127edf03f474. https://github.com/gulpjs/glob-parent/commit/3e9f04a3b4349db7e1962d87c9a7398cda51f3395. https://github.com/gulpjs/glob-parent/releases/tag/v6.0.16. https://security.netapp.com/advisory/ntap-20230214-00107. https://www.mend.io/vulnerability-database/CVE-2021-35065

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.