Описание
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| node-semver | fixed | 7.5.4+~7.5.0-1 | package | |
| node-semver | no-dsa | bookworm | package | |
| node-semver | no-dsa | bullseye | package | |
| node-semver | no-dsa | buster | package |
Примечания
https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795
https://github.com/npm/node-semver/pull/564
https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441 (v7.5.2)
Связанные уязвимости
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range when untrusted user data is provided as a range.
semver vulnerable to Regular Expression Denial of Service