VDB

CISA-2022-25883

CISA-2022-25883 PUBLISHED CVSS 5.3 MEDIUM

Reported by snyk · Published June 21, 2023

Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

Risk Scores

CVSS 3.1
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

Affected Products

VendorProductVersions
n/asemver0
n/asemver0, 0

Timeline

  • Jun 21, 2023 CVE Published
  • Dec 6, 2024 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›