VDB

DEBIAN-CVE-2022-25883

DEBIAN-CVE-2022-25883 PUBLISHED CVSS 7.5 HIGH

Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Debian:13node-semver0, 0, 0
Debian:14node-semver0, 0, 0
Debian:12node-semver7.5.4, 7.6.1, 7.6.1
Debian:11node-semver7.7.4+~7.7.1-1, *, 7.3.4-1

Exploit Intelligence

Timeline

  • Jun 21, 2023 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›