Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-35065

Опубликовано: 26 дек. 2022
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression.

A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.

Отчет

The glob-parent package is a transitive dependency and this is not used directly in any of the Red Hat products. Hence, the impact is reduced to Moderate.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Migration Toolkit for Containersrhmtc/openshift-migration-ui-rhel8Not affected
Migration Toolkit for Virtualizationmigration-toolkit-virtualization/mtv-ui-rhel8Fix deferred
OpenShift Developer Tools and ServicesodoNot affected
OpenShift Pipelinesopenshift-pipelines/pipelines-hub-ui-rhel8Affected
OpenShift Service Mesh 2openshift-service-mesh/kiali-rhel8Will not fix
OpenShift Service Mesh 2.1openshift-service-mesh/kiali-rhel8Will not fix
OpenShift Service Mesh 2.1servicemesh-grafanaWill not fix
OpenShift Service Mesh 2.1servicemesh-prometheusWill not fix
Red Hat Advanced Cluster Management for Kubernetes 2rhacm2/console-rhel8Not affected
Red Hat Advanced Cluster Management for Kubernetes 2rhacm2/search-api-rhel8Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=2156324glob-parent: Regular Expression Denial of Service

EPSS

Процентиль: 57%
0.00348
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-35065

CVSS3: 7.5
ubuntu
больше 2 лет назад

The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression.

nvd логотип

CVE-2021-35065

CVSS3: 7.5
nvd
больше 2 лет назад

The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression.

debian логотип

CVE-2021-35065

CVSS3: 7.5
debian
больше 2 лет назад

The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular ...

github логотип

GHSA-cj88-88mr-972w

CVSS3: 7.5
github
почти 3 года назад

glob-parent 6.0.0 vulnerable to Regular Expression Denial of Service

oracle-oval логотип

ELSA-2023-1583

oracle-oval
около 2 лет назад

ELSA-2023-1583: nodejs:18 security, bug fix, and enhancement update (MODERATE)

EPSS

Процентиль: 57%
0.00348
Низкий

7.5 High

CVSS3