View all vulnerabilities

CVE-2022-25883

semver vulnerable to Regular Expression Denial of Service

Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading
Vulnerability Details
Score
7.5
Score Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Versions
semver >= 7.0.0 < 7.5.2; semver >= 6.0.0 < 6.3.1; semver < 5.7.2
Severity
High
Ecosystem
JavaScript
Publish Date
June 21, 2023
Modified Date
December 6, 2024