Vulnerability Database
289,599
Total vulnerabilities in the database
CVE-2022-25883
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
| Software | From | Fixed in |
|---|---|---|
semver
|
7.0.0 | 7.5.2 |
|
semver
|
6.0.0 | 6.3.1 |
|
semver
|
- | 5.7.2 |
| npmjs / semver | - | 5.7.2 |
| npmjs / semver | 6.0.0 | 6.3.1 |
| npmjs / semver | 7.0.0 | 7.5.2 |
- https://github.com/npm/node-semver/blob/main/classes/range.js#L97-L104
- https://github.com/npm/node-semver/blob/main/classes/range.js%23L97-L104
- https://github.com/npm/node-semver/blob/main/internal/re.js#L138
- https://github.com/npm/node-semver/blob/main/internal/re.js#L160
- https://github.com/npm/node-semver/blob/main/internal/re.js%23L138
- https://github.com/npm/node-semver/blob/main/internal/re.js%23L160
- https://github.com/npm/node-semver/commit/2f8fd41487acf380194579ecb6f8b1bbfe116be0
- https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441
- https://github.com/npm/node-semver/commit/928e56d21150da0413a3333a3148b20e741a920c
- https://github.com/npm/node-semver/pull/564
- https://github.com/npm/node-semver/pull/585
- https://github.com/npm/node-semver/pull/593
- https://security.netapp.com/advisory/ntap-20241025-0004/
- https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795