HIGH | CVE-2025-64756 | npm | CVSS 7.5

glob

Published

Description

glob CLI: Command injection via -c/--cmd executes matches with shell:true

Affected Versions

>=11.0.0
>=10.2.0

Fixed Versions

10.5.0
11.1.0

References

WEB: https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2
ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2025-64756
WEB: https://github.com/isaacs/node-glob/commit/1e4e297342a09f2aa0ced87fcd4a70ddc325d75f
WEB: https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146
PACKAGE: https://github.com/isaacs/node-glob
