CVE-2025-5890

Summary

A vulnerability classified as problematic has been found in actions toolkit 0.5.0. This affects the function globEscape of the file toolkit/packages/glob/src/internal-pattern.ts of the component glob. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack remotely.

Affected Software

VendorProductVersion RangeStatus
actionstoolkit0.5.0affected

Weaknesses

  • CWE-1333: Inefficient Regular Expression Complexity
  • CWE-400: Resource Consumption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References