VDB
BIT-gulp-2021-35065
BIT-gulp-2021-35065
PUBLISHED
CVSS 7.5 HIGH
The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression.
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | gulp | 6.0.0, 6.0.0, 6.0.0 |
Timeline
- Mar 6, 2024 CVE Published
- Apr 3, 2025 CVE Updated
References
- https://github.com/gulpjs/glob-parent/commit/3e9f04a3b4349db7e1962d87c9a7398cda51f339 url
- https://github.com/gulpjs/glob-parent/pull/49 url
- https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 url
- https://security.netapp.com/advisory/ntap-20230214-0010/ url
- https://nvd.nist.gov/vuln/detail/CVE-2021-35065 url