PSIRT: Node.js glob-parent module denial of service CVE-2020-28469 #7955
Comments
|
Hi team, we have noticed that @console/pal is using glob-parent as child dependency. Which is vulnerable of Denial of Service. We want to confirm if this vulnerability is applicable or not. |
|
I ran Related: gulpjs/glob-parent#36 |
github-actions
bot
added
status: waiting for author's response 💬
and removed
status: waiting for maintainer response 💬
labels
|
Hi @tay1orjones, thank you for the reply. Closing this issue as discussed in this slack channel. |
github-actions
bot
added
status: waiting for maintainer response 💬
and removed
status: waiting for author's response 💬
labels
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Summary:
Node.js glob-parent module denial of service CVE-2020-28469
Details:
globparent-cve202028469-dos (196451) - reported on 2021-01-12 (Format: yyyy-mm-dd)
Node.js glob-parent module is vulnerable to a denial of service. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a regular expression denial of service.
Consequences: Denial of Service
Remedy:
No remedy available as of February 2021.
X-Force Record: https://exchange.xforce.ibmcloud.com/vulnerabilities/196451
Attention: If the CVE is excluded from OWASP scanning, make sure to include it back, while remediating corresponding PSIRT. Acknowledge with appropriate comment before closing the PSIRT.
The text was updated successfully, but these errors were encountered: