CVE-2022-25883

high

Description

Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the Range constructor (new Range(...)) when untrusted user data is supplied as the range string. The same parsing path is reached through the helpers that build a Range internally, such as validRange() and satisfies(), so any of them called on attacker-controlled input can pin a CPU. The fix landed in 7.5.2 and was backported to the 6.x and 5.x lines as 6.3.1 and 5.7.2.

References

https://github.com/npm/node-semver/pull/564

https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441

Details

Source: Mitre, NVD

Published: 2023-06-21

Updated: 2023-11-07

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High