VDB
CISA-2022-25883
CISA-2022-25883
PUBLISHED
CVSS 5.3 MEDIUM
Reported by snyk · Published June 21, 2023
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
Risk Scores
CVSS 3.1
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | semver | 0 |
| n/a | semver | 0, 0 |
Timeline
- Jun 21, 2023 CVE Published
- Dec 6, 2024 CVE Updated