Upstream information
CVE-2021-35065 at MITRE
Description
The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression.
SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having important severity.
CVSS v3 Scores
| | National Vulnerability Database |
| --- | --- |
| Base Score | 7.5 |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | High |
| CVSSv3 Version | 3.1 |
No SUSE Bugzilla entries cross referenced.
No SUSE Security Announcements cross referenced.
List of released packages
| Product(s) | Fixed package version(s) | References |
| --- | --- | --- |
| SUSE Liberty Linux 8 | nodejs >= 18.14.2-2.module+el8.7.0+18445+9493b6ea<br>nodejs-devel >= 18.14.2-2.module+el8.7.0+18445+9493b6ea<br>nodejs-docs >= 18.14.2-2.module+el8.7.0+18445+9493b6ea<br>nodejs-full-i18n >= 18.14.2-2.module+el8.7.0+18445+9493b6ea<br>nodejs-nodemon >= 2.0.20-3.module+el8.7.0+18531+81d21ca6<br>nodejs-packaging >= 2021.06-4.module+el8.7.0+15582+19c314fa<br>nodejs-packaging-bundler >= 2021.06-4.module+el8.7.0+15582+19c314fa<br>npm >= 9.5.0-1.18.14.2.2.module+el8.7.0+18445+9493b6ea | Patchnames: RHSA-2023:1582 RHSA-2023:1583 RHSA-2023:1743 |
| SUSE Liberty Linux 9 | nodejs >= 18.14.2-2.module+el9.2.0.z+18497+a402347c<br>nodejs-devel >= 18.14.2-2.module+el9.2.0.z+18497+a402347c<br>nodejs-docs >= 18.14.2-2.module+el9.2.0.z+18497+a402347c<br>nodejs-full-i18n >= 18.14.2-2.module+el9.2.0.z+18497+a402347c<br>nodejs-nodemon >= 2.0.20-2.module+el9.2.0.z+18497+a402347c<br>nodejs-packaging >= 2021.06-4.module+el9.1.0+15718+e52ec601<br>nodejs-packaging-bundler >= 2021.06-4.module+el9.1.0+15718+e52ec601<br>npm >= 9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c | Patchnames: RHSA-2023:2654 |
SUSE Timeline for this CVE
CVE page created: Mon Dec 26 13:00:25 2022
CVE page last modified: Mon Oct 30 18:14:11 2023