actions toolkit 0.5.0 glob internal-pattern.ts globEscape denial of service
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.0 | $0-$5k | 0.00 |
Summary
A vulnerability classified as problematic was found in actions toolkit 0.5.0. It affects the function globEscape in the file toolkit/packages/glob/src/internal-pattern.ts of the component glob. The manipulation leads to denial of service.
This vulnerability is tracked as CVE-2025-5890. The attack can be launched remotely. No exploit is available.
Details
A vulnerability classified as problematic was found in actions toolkit 0.5.0. It affects the function globEscape in the file toolkit/packages/glob/src/internal-pattern.ts of the component glob. The manipulation leads to denial of service. Declaring the problem with CWE leads to CWE-1333. The vulnerability was disclosed as 2057. The advisory is available for download at github.com.
This vulnerability is tracked as CVE-2025-5890. The attack can be launched remotely. Technical details are available. The popularity of this vulnerability is below average. No exploit is available. The current price for an exploit is estimated at around USD $0-$5k at the moment.
Product
Website
- Product: https://github.com/actions/toolkit/
CVSSv3
VulDB Meta Base Score: 4.3
VulDB Meta Temp Score: 4.0
VulDB Base Score: 4.3
VulDB Temp Score: 4.0
Exploiting
Class: Denial of service
CWE: CWE-1333 / CWE-400 / CWE-404
Physical: No
Local: No
Remote: Yes
Status: Not defined
Countermeasures
Recommendation: no mitigation known
Timeline
2025-06-09 Advisory disclosed
2025-06-09 VulDB entry created
2025-06-10 VulDB entry last updated
Sources
Product: github.com
Advisory: 2057
Status: Not defined
CVE: CVE-2025-5890
GCVE (CVE): GCVE-0-2025-5890
GCVE (VulDB): GCVE-100-311661
Entry
Created: 2025-06-09 08:31
Updated: 2025-06-10 06:52
Changes: 2025-06-09 08:31 (54), 2025-06-10 06:52 (1)
Submitter: mmmsssttt
Submit
Accepted
- Submit #585727: @actions @actions/glob 0.5.0 Inefficient Regular Expression Complexity (by mmmsssttt)