Oracle Linux: CVE-2021-35065: ELSA-2023-1582: nodejs:16 security, bug fix, and enhancement update (MODERATE) (Multiple Advisories)

Oracle Linux: CVE-2021-35065: ELSA-2023-1582:nodejs:16 security, bug fix, and enhancement update (MODERATE) (Multiple Advisories)

Severity

8

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

12/26/2022

Created

05/05/2023

Added

04/05/2023

Modified

01/08/2025

Description

The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression. A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.

Solution(s)

• oracle-linux-upgrade-nodejs
• oracle-linux-upgrade-nodejs-devel
• oracle-linux-upgrade-nodejs-docs
• oracle-linux-upgrade-nodejs-full-i18n
• oracle-linux-upgrade-nodejs-nodemon
• oracle-linux-upgrade-nodejs-packaging
• oracle-linux-upgrade-nodejs-packaging-bundler
• oracle-linux-upgrade-npm

References

• https://attackerkb.com/topics/cve-2021-35065
• CVE - 2021-35065
• ELSA-2023-1582
• ELSA-2023-2654
• ELSA-2023-1583
• ELSA-2023-1743