CVE Details
Basic Information
| Title | actions toolkit glob internal-pattern.ts globEscape redos |
|---|---|
| Type | cve |
| Published | 2025-06-09T18:31:05.291Z |
| Last Seen | |
Product Information
| Vendor | actions |
|---|---|
| Product | toolkit |
| Version | 0.5.0 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact | |
AI Analysis
| AI Description | A regular expression denial of service (ReDoS) vulnerability was discovered in the actions toolkit version 0.5.0. This issue affects the globEscape function in the glob component, leading to inefficient regular expression complexity that can be exploited remotely. |
|---|---|
| AI Severity | Medium |
| Vendor | GitHub |
| Product | actions toolkit |
| Affected Version | 0.5.0 |
Affected Products
- actions toolkit 0.5.0
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-1333, CWE-400 |
| Bulletin Family | |
References
Description
A vulnerability classified as problematic has been found in actions toolkit 0.5.0. This affects the function globEscape of the file toolkit/packages/glob/src/internal-pattern.ts of the component glob. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack remotely.