GHSA-4x5v-gmq8-25ch: Regular expression denial of service in semver-regex
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package when an attacker is able to supply arbitrary input to the test() method.
Low severity • GitHub Reviewed • Published Jun 3, 2022 • Updated Jun 3, 2022
Package
semver-regex (npm)
Affected versions
- < 3.1.4
- >= 4.0.0, < 4.0.3
Patched versions
- 3.1.4
- 4.0.3
Description
Related news
CVE-2021-43307: semver-regex ReDoS | XRAY-211349
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package when an attacker is able to supply arbitrary input to the test() method.
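To find installs that fall inside the affected ranges listed above, including copies nested under other dependencies, the following added example (not part of the advisory or the semver-regex project) scans the `packages` map of an npm lockfile. It assumes the lockfileVersion 2/3 layout; the function names and the sample lockfile are constructed for illustration.

```javascript
// Affected ranges copied from the advisory: < 3.1.4, and >= 4.0.0, < 4.0.3.
const AFFECTED = [
  { min: null, fixed: "3.1.4" },
  { min: "4.0.0", fixed: "4.0.3" },
];

// Parse "x.y.z[-prerelease][+build]" without a backtracking-prone regex.
function parse(version) {
  const [rest] = String(version).split("+");
  const dash = rest.indexOf("-");
  const core = (dash === -1 ? rest : rest.slice(0, dash)).split(".");
  if (core.length !== 3 || !core.every((p) => /^\d+$/.test(p))) return null;
  return { core: core.map(Number), pre: dash !== -1 };
}

// Negative if a < b. A prerelease sorts before the release with the same core.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a.core[i] !== b.core[i]) return a.core[i] - b.core[i];
  }
  return Number(b.pre) - Number(a.pre);
}

function isAffected(version) {
  const v = parse(version);
  if (!v) return true; // unparseable version: flag it for manual review
  return AFFECTED.some(({ min, fixed }) =>
    (min === null || compare(v, parse(min)) >= 0) && compare(v, parse(fixed)) < 0);
}

// Walk every installed copy, top-level or nested, in a parsed package-lock.json.
function findAffected(lock) {
  return Object.entries(lock.packages || {})
    .filter(([path]) => path.endsWith("node_modules/semver-regex"))
    .filter(([, meta]) => isAffected(meta.version))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// Constructed sample lockfile; "dep-a" and "dep-b" are hypothetical packages.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/semver-regex": { version: "4.0.3" },
    "node_modules/dep-a/node_modules/semver-regex": { version: "3.1.3" },
    "node_modules/dep-b/node_modules/semver-regex": { version: "4.0.2" },
  },
};
console.log(findAffected(SAMPLE_LOCK));
```

To check a real project, pass the parsed contents of its package-lock.json to `findAffected`.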