Bug 2156324 (CVE-2021-35065)
Summary: | CVE-2021-35065 glob-parent: Regular Expression Denial of Service | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Avinash Hanwate <ahanwate> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | ||
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | glob-parent 6.0.1 | Doc Type: | If docs needed, set a value |
Doc Text: | A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability. |
Last Closed: | 2023-02-12 15:09:36 UTC | Type: | --- |
Bug Depends On: | 2156636, 2156444, 2156445, 2156446, 2156447, 2156448, 2156449, 2156450, 2156451, 2156452, 2156453, 2156454, 2156455, 2156456, 2156457, 2156462, 2156637, 2156638, 2156639, 2156640, 2156641, 2156642, 2156643, 2156644, 2156645, 2156646, 2156647, 2156648, 2156649, 2156650, 2156651, 2156652, 2156653, 2156654, 2156655, 2156656, 2156657, 2156658, 2156659, 2156660, 2175829, 2175830, 2175831, 2175832, 2178079, 2178080, 2178081, 2178082, 2178083, 2178084, 2178085, 2178144, 2178145, 2178146 | ||
Bug Blocks: | 2156325 |
Description
Avinash Hanwate
2022-12-26 12:21:37 UTC
Created cockatrice tracking bugs for this issue:
Affects: fedora-36 [bug 2156638]

Created gnome-shell-extension-material-shell tracking bugs for this issue:
Affects: fedora-36 [bug 2156639]

Created golang-entgo-ent tracking bugs for this issue:
Affects: fedora-36 [bug 2156640]

Created golang-github-prometheus tracking bugs for this issue:
Affects: epel-7 [bug 2156636]

Created grafana tracking bugs for this issue:
Affects: fedora-36 [bug 2156641]

Created llhttp tracking bugs for this issue:
Affects: fedora-37 [bug 2156650]

Created mozjs68 tracking bugs for this issue:
Affects: fedora-36 [bug 2156642]

Created mozjs78 tracking bugs for this issue:
Affects: fedora-36 [bug 2156643]

Created nodejs-diagnostic-language-server tracking bugs for this issue:
Affects: fedora-36 [bug 2156644]
Affects: fedora-37 [bug 2156651]

Created nodejs-nodemon tracking bugs for this issue:
Affects: fedora-36 [bug 2156645]

Created pcs tracking bugs for this issue:
Affects: fedora-36 [bug 2156646]
Affects: fedora-37 [bug 2156652]

Created pgadmin4 tracking bugs for this issue:
Affects: fedora-37 [bug 2156653]

Created seamonkey tracking bugs for this issue:
Affects: epel-8 [bug 2156637]
Affects: fedora-36 [bug 2156647]

Created yarnpkg tracking bugs for this issue:
Affects: fedora-36 [bug 2156648]
Affects: fedora-37 [bug 2156654]

Created zuul tracking bugs for this issue:
Affects: fedora-36 [bug 2156649]

This issue has been addressed in the following products:
Red Hat Software Collections for Red Hat Enterprise Linux 7
Via RHSA-2023:0612 https://access.redhat.com/errata/RHSA-2023:0612

This issue has been addressed in the following products:
RHOL-5.6-RHEL-8
Via RHSA-2023:0634 https://access.redhat.com/errata/RHSA-2023:0634

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2021-35065

This issue has been addressed in the following products:
MTA-6.0-RHEL-8
Via RHSA-2023:0934 https://access.redhat.com/errata/RHSA-2023:0934

This issue has been addressed in the following products:
Red Hat Single Sign-On 7.6 for RHEL 7
Via RHSA-2023:1043 https://access.redhat.com/errata/RHSA-2023:1043

This issue has been addressed in the following products:
Red Hat Single Sign-On 7.6 for RHEL 8
Via RHSA-2023:1044 https://access.redhat.com/errata/RHSA-2023:1044

This issue has been addressed in the following products:
Red Hat Single Sign-On 7.6 for RHEL 9
Via RHSA-2023:1045 https://access.redhat.com/errata/RHSA-2023:1045

This issue has been addressed in the following products:
RHEL-8 based Middleware Containers
Via RHSA-2023:1047 https://access.redhat.com/errata/RHSA-2023:1047

This issue has been addressed in the following products:
Red Hat Single Sign-On
Via RHSA-2023:1049 https://access.redhat.com/errata/RHSA-2023:1049

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.4 Extended Update Support
Via RHSA-2023:1533 https://access.redhat.com/errata/RHSA-2023:1533

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2023:1582 https://access.redhat.com/errata/RHSA-2023:1582

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2023:1583 https://access.redhat.com/errata/RHSA-2023:1583

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.6 Extended Update Support
Via RHSA-2023:1742 https://access.redhat.com/errata/RHSA-2023:1742

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2023:1743 https://access.redhat.com/errata/RHSA-2023:1743

This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2023:2654 https://access.redhat.com/errata/RHSA-2023:2654