DEBIAN-CVE-2022-25883
PUBLISHED
CVSS 7.5 HIGH
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | node-semver | 0, 0, 0 |
| Debian:14 | node-semver | 0, 0, 0 |
| Debian:12 | node-semver | 7.5.4, 7.6.1, 7.6.1 |
| Debian:11 | node-semver | 7.7.4+~7.7.1-1, *, 7.3.4-1 |
Exploit Intelligence
- RQ5.html (github-poc)
- test_outputs.py (github-poc)
Timeline
- Jun 21, 2023 CVE Published
- Apr 28, 2026 CVE Updated