CVE-2021-35065: 
JavaScript vulnerability analysis and mitigation

The glob-parent package before version 6.0.1 for Node.js contains a vulnerability identified as CVE-2021-35065. This vulnerability allows ReDoS (Regular Expression Denial of Service) attacks against the enclosure regular expression. The issue was discovered in June 2021 and affects the package's ability to handle certain input patterns (SNYK, NVD).

The vulnerability exists in the enclosure regex implementation within the glob-parent package. When processing certain input patterns, particularly those with repeated characters, the regular expression engine can enter a catastrophic backtracking state. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating it is network-accessible and requires no privileges or user interaction to exploit (NVD).

Successful exploitation of this vulnerability can lead to a Denial of Service (DoS) condition. When the vulnerable regex pattern processes certain malicious inputs, it can cause excessive CPU consumption, resulting in significant performance degradation or complete service unavailability (NETAPP, SNYK).

The recommended mitigation is to upgrade glob-parent to version 6.0.1 or higher, which contains the fix for this vulnerability. The fix involves modifying the regex pattern handling to prevent catastrophic backtracking (GITHUB_COMMIT, GITHUB_PR).