CVE-2015-8855

Published: Jan 23, 2017
Updated: May 9, 2024
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2015-8855" target="_blank" rel="noopener"> CVE-2015-8855
GHSA: <a href="https://github.com/advisories/GHSA-x6fg-f45m-jf5q" target="_blank" rel="noopener"> GHSA-x6fg-f45m-jf5q
Severity: High
Exploit:

The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."