CVE-2021-43307: semver-regex ReDoS | XRAY-211349

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package when an attacker is able to supply arbitrary input to the test() method.

CVE-2021-43307 | CVSS 5.9

JFrog Severity: medium

Published 30 May. 2022 | Last updated 30 May. 2022

Exponential ReDoS in semver-regex leads to denial of service

semver-regex

Affected versions: semver-regex (,3.1.3] | [4.0.0,4.0.2]; fixed in 3.1.4 and 4.0.3

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package when an attacker is able to supply arbitrary input to the test() method.

'0.0.1-' + '-.--'.repeat(i) + ' '

No mitigations are supplied for this issue.
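
An added example, not code from JFrog or the semver-regex project: a version check that applies the affected ranges listed above, (,3.1.3] and [4.0.0,4.0.2], to the semver-regex entries in a package-lock.json. The function names, the lockfile fragment and the dependency names in it are constructed for illustration, and pre-release suffixes are ignored when comparing (an assumption).

```javascript
// Added example: flag semver-regex installs inside the ranges this advisory lists.
// Affected: (,3.1.3] and [4.0.0,4.0.2]; fixed in 3.1.4 and 4.0.3.

// Parse "major.minor.patch" into numbers.
// Assumption: pre-release/build suffixes are ignored for the comparison.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Compare two [major, minor, patch] triples: negative, zero or positive.
function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// True when the version falls in either affected interval.
function isAffected(version) {
  const v = parseVersion(version);
  const inLowerRange = cmp(v, [3, 1, 3]) <= 0;
  const inV4Range = cmp(v, [4, 0, 0]) >= 0 && cmp(v, [4, 0, 2]) <= 0;
  return inLowerRange || inV4Range;
}

// Walk the "packages" map of a package-lock.json (lockfileVersion 2 or 3),
// so copies nested under other dependencies are found as well.
function findAffected(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith('node_modules/semver-regex') || !meta.version) continue;
    if (isAffected(meta.version)) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed lockfile fragment; the dependency names are hypothetical.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/semver-regex': { version: '4.0.3' },
    'node_modules/example-dep-a/node_modules/semver-regex': { version: '3.1.2' },
    'node_modules/example-dep-b/node_modules/semver-regex': { version: '4.0.1' },
  },
};

console.log(findAffected(sampleLock));
```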

NVD

Related news

GHSA-4x5v-gmq8-25ch: Regular expression denial of service in semver-regex