VDB
CVE-2021-35065
CVE-2021-35065
PUBLISHED
The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression.
EPSS 0.42% · 62.1th percentile
Risk Scores
EPSS Score
0.42%
62.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | gulp | 6.0.0 |
| Bitnami | gulp | 6.0.0 |
Exploit Intelligence
- https://github.com/gulpjs/glob-parent/pull/49 (nist-nvd)
- https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 (nist-nvd)
- cve-2023-22527-yara.yar (github-yara)
- cve-2023-22527-yara.yar (github-yara)
- cve-2023-22527-yara.yar (github-yara)
- cve-2023-22527-yara.yar (github-yara)
- cve-2023-22527-yara.yar (github-yara)
- cve-2023-22527-yara.yar (github-yara)
- cve-2023-22527-yara.yar (github-yara)
- cve-2023-22527-yara.yar (github-yara)
…and 2 more exploits
Timeline
- Jul 18, 2022 CVE Published
- Dec 26, 2022 EPSS Score
- Feb 5, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 19, 2023 EPSS Score
- Apr 29, 2023 EPSS Score
- Jul 21, 2023 EPSS Score
- Aug 31, 2023 EPSS Score
- Oct 12, 2023 EPSS Score
- Nov 22, 2023 EPSS Score
- Jan 3, 2024 EPSS Score
- Feb 8, 2024 PoC Published
References
- https://github.com/gulpjs/glob-parent/commit/3e9f04a3b4349db7e1962d87c9a7398cda51f339 url
- https://github.com/gulpjs/glob-parent/pull/49 url
- https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 url
- https://security.netapp.com/advisory/ntap-20230214-0010/ url
- https://nvd.nist.gov/vuln/detail/CVE-2021-35065 url