CVE-2022-25883

Published June 21st, 2023

View on NVD ↗

CVSS v3

5.3

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

npm/node-semver

The semver parser for node (the one npm uses)

GitHub

5.43K