{"id":6619,"date":"2025-06-09T14:38:41","date_gmt":"2025-06-09T14:38:41","guid":{"rendered":"http:\/\/localhost\/?p=6619"},"modified":"2025-06-09T14:38:41","modified_gmt":"2025-06-09T14:38:41","slug":"actions-toolkit-glob-internal-patternts-globescape-redos","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=6619","title":{"rendered":"actions toolkit glob internal-pattern.ts globEscape redos"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nactions toolkit glob internal-pattern.ts globEscape redos<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-06-09T18:31:05.291Z<\/td>\n<\/tr>\n
Last Seen<\/th>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nactions<\/td>\n<\/tr>\n
Product<\/th>\ntoolkit<\/td>\n<\/tr>\n
Version<\/th>\n0.5.0<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n\n\n\n
Base Score<\/th>\n5.3 (MEDIUM)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:L\/UI:N\/VC:N\/VI:N\/VA:L\/SC:N\/SI:N\/SA:N\/E:X<\/td>\n<\/tr>\n
Confidentiality Impact<\/th>\n<\/td>\n<\/tr>\n
Integrity Impact<\/th>\n<\/td>\n<\/tr>\n
Availability Impact<\/th>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nA regular expression denial of service (ReDoS) vulnerability was discovered in the actions toolkit version 0.5.0. This issue affects the globEscape function in the glob component, leading to inefficient regular expression complexity that can be exploited remotely.<\/td>\n<\/tr>\n
AI Severity<\/th>\nMedium<\/td>\n<\/tr>\n
Vendor<\/th>\nGitHub<\/td>\n<\/tr>\n
Product<\/th>\nactions toolkit<\/td>\n<\/tr>\n
Affected Version<\/th>\n0.5.0<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n