2 known bugs in glob-parent, with affected versions, fixes and workarounds. Sourced from upstream issue trackers.
| Severity | Affected | Fixed in | Title | Status | Source |
|---|---|---|---|---|---|
| high | 4.0.0 | 5.1.2 | glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator. | fixed | osv:GHSA-ww39-953v-wcq6 |
| high | 6.0.0 |
Get this data programmatically \u2014 free, no authentication.
curl https://depscope.dev/api/bugs/npm/glob-parent| 6.0.1 |
glob-parent 6.0.0 vulnerable to Regular Expression Denial of Service glob-parent 6.0.0 is vulnerable to Regular Expression Denial of Service (ReDoS). This issue is fixed in version 6.0.1.
This vulnerability is separate from [GHSA-ww39-953v-wcq6](https://github.com/advisories/GHSA-ww39-953v-wcq6). |
| fixed |
| osv:GHSA-cj88-88mr-972w |