You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Summary:
Node.js glob-parent module denial of service CVE-2020-28469
Details:
globparent-cve202028469-dos (196451) - reported on 2021-01-12 (Format: yyyy-mm-dd)
Node.js glob-parent module is vulnerable to a denial of service. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a regular expression denial of service.
Attention: If the CVE is excluded from OWASP scanning, make sure to include it back, while remediating corresponding PSIRT. Acknowledge with appropriate comment before closing the PSIRT.
The text was updated successfully, but these errors were encountered:
Hi team, we have noticed that @console/pal is using glob-parent as child dependency. Which is vulnerable of Denial of Service. We want to confirm if this vulnerability is applicable or not.
I ran yarn why glob-parent to get a list of what packages are using the glob-parent package and it looks like they all are sub-dependencies of packages listed as devDependencies.
Summary:
Node.js glob-parent module denial of service CVE-2020-28469
Details:
globparent-cve202028469-dos (196451) - reported on 2021-01-12 (Format: yyyy-mm-dd)
Node.js glob-parent module is vulnerable to a denial of service. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a regular expression denial of service.
Consequences: Denial of Service
Remedy:
No remedy available as of February 2021.
X-Force Record: https://exchange.xforce.ibmcloud.com/vulnerabilities/196451
Attention: If the CVE is excluded from OWASP scanning, make sure to include it back, while remediating corresponding PSIRT. Acknowledge with appropriate comment before closing the PSIRT.
The text was updated successfully, but these errors were encountered: