CVE-2022-25883
21.06.2023, 05:15
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.Enginsight
| Vendor | Product | Version |
|---|---|---|
| npmjs | semver | 𝑥 < 5.7.2 |
| npmjs | semver | 6.0.0 ≤ 𝑥 < 6.3.1 |
| npmjs | semver | 7.0.0 ≤ 𝑥 < 7.5.2 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
References