CVE-2021-35065 (High) detected in glob-parent-5.1.2.tgz - autoclosed #83

mend-bolt-for-github · 2022-07-26T01:09:37Z

CVE-2021-35065 - High Severity Vulnerability

Vulnerable Library - glob-parent-5.1.2.tgz

Extract the non-magic parent path from a glob string.

Library home page: https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/glob-parent/package.json

Dependency Hierarchy:

eslint-7.32.0.tgz (Root Library)
- ❌ glob-parent-5.1.2.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

The package glob-parent before 6.0.1 are vulnerable to Regular Expression Denial of Service (ReDoS)

Publish Date: 2021-06-22

URL: CVE-2021-35065

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-cj88-88mr-972w

Release Date: 2021-06-22

Fix Resolution (glob-parent): 6.0.1

Direct dependency fix Resolution (eslint): 8.0.0

Step up your Open Source Security Game with Mend here

mend-bolt-for-github · 2022-07-28T01:08:30Z

✔️ This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

Co-authored-by: Renovate Bot <bot@renovateapp.com>

## [1.3.9](v1.3.8...v1.3.9) (2023-02-24) ### Chore * anti-terrorism disclaimer ([96327fe](96327fe)) * fixes eslint-plugin-unicorn version ([dd45e9a](dd45e9a)) * fixes npm audit ([0500470](0500470)) * fixes some npm audit vulnerabilities ([b913fee](b913fee)) * fixes some npm audit vulnerabilities (#82) ([fd23d8e](fd23d8e)), closes [#82](#82) * fixes some npm audit vulnerabilities (#86) ([eb549de](eb549de)), closes [#86](#86) * Lock file maintenance ([85b7c09](85b7c09)) * Update dependency danger to v11 ([1779a27](1779a27)) * Update dependency nanoid to 3.1.31 [SECURITY] (#83) ([89d3014](89d3014)), closes [#83](#83) * Update dependency node-fetch to 2.6.7 [SECURITY] (#84) ([11e82bc](11e82bc)), closes [#84](#84) * Update devDependencies (non-major) ([01bd6c0](01bd6c0)) * Update devDependencies (non-major) ([85a0161](85a0161)) * Update devDependencies (non-major) (#65) ([d60ef28](d60ef28)), closes [#65](#65) * Update devDependencies (non-major) (#66) ([69aac8f](69aac8f)), closes [#66](#66) * Update devDependencies (non-major) (#92) ([f492769](f492769)), closes [#92](#92) ### Docs * add logo ([0f77537](0f77537)) * drop lgtm ([b1841f2](b1841f2)) * update year in license ([64521cb](64521cb))

mend-bolt-for-github bot added the Mend: dependency security vulnerability Security vulnerability detected by WhiteSource label Jul 26, 2022

mend-bolt-for-github bot changed the title ~~CVE-2021-35065 (High) detected in glob-parent-5.1.2.tgz~~ CVE-2021-35065 (High) detected in glob-parent-5.1.2.tgz - autoclosed Jul 28, 2022

mend-bolt-for-github bot closed this as completed Jul 28, 2022

pustovitDmytro pushed a commit that referenced this issue Feb 24, 2023

Chore: Update dependency nanoid to 3.1.31 [SECURITY] (#83)

89d3014

Co-authored-by: Renovate Bot <bot@renovateapp.com>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2021-35065 (High) detected in glob-parent-5.1.2.tgz - autoclosed #83

CVE-2021-35065 (High) detected in glob-parent-5.1.2.tgz - autoclosed #83

mend-bolt-for-github bot commented Jul 26, 2022

mend-bolt-for-github bot commented Jul 28, 2022

CVE-2021-35065 (High) detected in glob-parent-5.1.2.tgz - autoclosed #83

CVE-2021-35065 (High) detected in glob-parent-5.1.2.tgz - autoclosed #83

Comments

mend-bolt-for-github bot commented Jul 26, 2022

CVE-2021-35065 - High Severity Vulnerability

mend-bolt-for-github bot commented Jul 28, 2022