CVE-2022-25883
EUVD-2023-176921.06.2023, 05:15
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| npmjs | semver | 𝑥 < 5.7.2 |
| npmjs | semver | 6.0.0 ≤ 𝑥 < 6.3.1 |
| npmjs | semver | 7.0.0 ≤ 𝑥 < 7.5.3 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
References