This repository was archived by the owner on Jan 27, 2026. It is now read-only.

fix(security): upgrade glob to 10.5.0 for CVE-2025-64756#84

Open
ona-security-engineer wants to merge 1 commit into main from jonas/JONAS-31-fix

@ona-security-engineer

Automated security fix by Ona Agent.

Summary

Upgrades glob from 10.4.5 to 10.5.0 to remediate CVE-2025-64756.

Vulnerability Details

  • CVE: CVE-2025-64756
  • Severity: HIGH
  • Package: glob@10.4.5
  • Issue: Command injection via -c/--cmd executes matches with shell:true

Changes

  • Added overrides section to frontend/package.json to force glob@^10.5.0
  • Updated frontend/package-lock.json with the patched version

Verification

  • ✅ All 70 tests pass

Resolves: JONAS-31

Add overrides section to frontend/package.json to force glob@^10.5.0,
remediating command injection vulnerability in glob CLI.

Co-authored-by: Ona <no-reply@ona.com>
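
A check that the override reached every installed copy of glob, including copies nested under other packages, as an added example that is not part of this pull request or the project's code. The function names, the sample lockfile and the package names `some-tool` and `legacy-tool` are hypothetical; only the 10.x line is evaluated because 10.4.5 and 10.5.0 are the only versions the PR names.

```javascript
// Added example: audit an npm lockfile (v2/v3 "packages" map) for glob copies
// still below the patched version named in this PR.
const PATCHED = "10.5.0"; // from the PR: glob 10.4.5 -> 10.5.0

// Parse "x.y.z" (ignoring any prerelease/build suffix) into three numbers.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v || "");
  return m ? m.slice(1).map(Number) : null;
}

// Negative if a < b, zero if equal, positive if a > b.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Classify every installed glob, top-level or nested. Copies on a different
// major line than `patched` are "unchecked": the PR states nothing about them.
function auditGlob(lock, patched = PATCHED) {
  const min = parseVersion(patched);
  const findings = { vulnerable: [], unchecked: [], ok: [] };
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Match ".../node_modules/glob" exactly, not glob-parent or scoped names.
    if (!/(^|\/)node_modules\/glob$/.test(path)) continue;
    const ver = parseVersion(meta.version);
    const entry = { path, version: meta.version };
    if (!ver || ver[0] !== min[0]) findings.unchecked.push(entry);
    else if (compareVersions(ver, min) < 0) findings.vulnerable.push(entry);
    else findings.ok.push(entry);
  }
  return findings;
}

// Constructed sample lockfile fragment (not the repository's real lockfile).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "frontend" },
    "node_modules/glob": { version: "10.5.0" },
    "node_modules/glob-parent": { version: "6.0.2" },
    "node_modules/some-tool/node_modules/glob": { version: "10.4.5" },
    "node_modules/legacy-tool/node_modules/glob": { version: "7.2.3" },
  },
};

const report = auditGlob(sampleLock);
console.log(JSON.stringify(report, null, 2));
```

A non-empty `vulnerable` list means the lockfile still pins an unpatched nested copy and needs regenerating; `unchecked` entries need a separate look against the advisory.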