CVE-2020-28469

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-28469

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-28469.json

Aliases

• BIT-gulp-2020-28469
• GHSA-ww39-953v-wcq6
• SNYK-JAVA-ORGWEBJARSBOWERGITHUBES128-1059093
• SNYK-JAVA-ORGWEBJARSNPM-1059092
• SNYK-JS-GLOBPARENT-1016905

Related

• ALSA-2021:5171
• ALSA-2022:0350
• ALSA-2022:6595
• RLSA-2021:5171
• RLSA-2022:0350
• RLSA-2022:6595

Published

2021-06-03T16:15:07Z

Modified

2023-12-06T01:00:30.770250Z

Details

This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.

References

• https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBES128-1059093
• https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059092
• https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905
• https://github.com/gulpjs/glob-parent/pull/36
• https://www.oracle.com/security-alerts/cpujan2022.html
• https://github.com/gulpjs/glob-parent/blob/6ce8d11f2f1ed8e80a9526b1dc8cf3aa71f43474/index.js%23L9
• https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2