Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[FOSSA] Issue with glob-parent - VULNERABILITY #332

Closed
TerrySmithDC opened this issue Feb 24, 2021 · 2 comments
Closed

[FOSSA] Issue with glob-parent - VULNERABILITY #332

TerrySmithDC opened this issue Feb 24, 2021 · 2 comments

Comments

@TerrySmithDC
Copy link

VULNERABILITY - glob-parent (5.1.1)

Component URL

https://github.com/es128/glob-parent

Affected Projects

  • gazebo
  • ruby-standard-1
  • ruby-standard-2

Issue

Vulnerability - CVE-2020-28469

Description:
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.


Generated by FOSSA on 02/24/2021
Reported by FOSSA user: [email protected]
Reported Issue: https://app.fossa.com/projects/git%2Bgithub.com%2Fcodecov%2Fgazebo/refs/branch/main/0f06ff096f658a2f8498db2b288823a1765df493/issues/security/607999?revisionScanId=4189094&status=any

@TerrySmithDC
Copy link
Author

Waiting on one of two PRs to land in the package.

gulpjs/glob-parent#36
gulpjs/glob-parent#34

Depending on how long this takes to release (it takes more then 60~ days) we could also fork and install a version with the fix to comply with SOC II

@TerrySmithDC
Copy link
Author

Package is now resolved with https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant