Vulnerability Details CVE-2020-28469
This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.6%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
- https://github.com/gulpjs/glob-parent/blob/6ce8d11f2f1ed8e80a9526b1dc8cf3aa71f43474/index.js%23L9
- https://github.com/gulpjs/glob-parent/pull/36
- https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBES128-1059093
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059092
- https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://github.com/gulpjs/glob-parent/blob/6ce8d11f2f1ed8e80a9526b1dc8cf3aa71f43474/index.js%23L9
- https://github.com/gulpjs/glob-parent/pull/36
- https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBES128-1059093
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059092
- https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905
- https://www.oracle.com/security-alerts/cpujan2022.html
Products affected by CVE-2020-28469
-
cpe:2.3:a:gulpjs:glob-parent:-
-
cpe:2.3:a:gulpjs:glob-parent:1.0.0
-
cpe:2.3:a:gulpjs:glob-parent:1.1.0
-
cpe:2.3:a:gulpjs:glob-parent:1.2.0
-
cpe:2.3:a:gulpjs:glob-parent:1.3.0
-
cpe:2.3:a:gulpjs:glob-parent:2.0.0
-
cpe:2.3:a:gulpjs:glob-parent:3.0.0
-
cpe:2.3:a:gulpjs:glob-parent:3.0.1
-
cpe:2.3:a:gulpjs:glob-parent:3.1.0
-
cpe:2.3:a:gulpjs:glob-parent:4.0.0
-
cpe:2.3:a:gulpjs:glob-parent:5.0.0
-
cpe:2.3:a:gulpjs:glob-parent:5.1.0
-
cpe:2.3:a:gulpjs:glob-parent:5.1.1
-
cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0