CNNVD-202511-1874 Information

CNNVD ID

CNNVD-202511-1874

Related CVE

CVE-2025-64756

• CNNVD Published: 2025-11-17

Description (Chinese)

Glob是isaacs个人开发者的一个文件匹配软件。 Glob 10.3.7版本至11.0.3版本存在操作系统命令注入漏洞，该漏洞源于命令注入，可能导致任意代码执行。

Description (English)

Glob is a file matching software for the personal developer of the saacs. There is a gap in operating system commands from Glob, Versions 10.3.7 to 11.03, which stems from command injections and may lead to arbitrary code enforcement.

Hazard Level

Medium

Vulnerability Type

操作系统命令注入

Affected Vendor

个人开发者

Published

2025-11-17

Last Modified

2026-02-24

References

https://github.com/isaacs/node-glob/commit/1e4e297342a09f2aa0ced87fcd4a70ddc325d75f https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2 https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146 https://access.redhat.com/security/cve/cve-2025-64756

Patch

https://github.com/isaacs/node-glob/tags