Vulnerabilities > CVE-2021-35065 - Unspecified vulnerability in Gulpjs Glob-Parent 6.0.0

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

gulpjs

NVD

Published: 2022-12-26

Updated: 2024-11-21

Summary

The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression.

Vulnerable Configurations

Part	Description	Count
Application	Gulpjs Gulpjs Glob Parent 6.0.0	1

References

https://github.com/gulpjs/glob-parent/commit/3e9f04a3b4349db7e1962d87c9a7398cda51f339
https://github.com/gulpjs/glob-parent/commit/3e9f04a3b4349db7e1962d87c9a7398cda51f339
https://github.com/gulpjs/glob-parent/pull/49
https://github.com/gulpjs/glob-parent/pull/49
https://security.netapp.com/advisory/ntap-20230214-0010/
https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294
https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294