semver vulnerable to Regular Expression Denial of Service #69

Closed
opened 2023-06-27 18:06:16 +01:00 by Vylpes · 0 comments
Owner

Package: semver (npm)
Affected versions: < 7.5.2
Patched version: 7.5.2


Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

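A lockfile check for the affected range given in this issue (semver below 7.5.2), including copies nested under other dependencies. This is an added example, not code from the random-bunny repository; the sample lockfile, its package names and the function names are constructed for illustration.

```javascript
// Added example: find installed copies of semver older than the patched 7.5.2.
// Uses only the affected range stated in this issue (< 7.5.2).
const PATCHED = "7.5.2";

// Split "1.2.3-beta.1+build" into a numeric core and a prerelease flag.
// Input length is bounded and the pattern has no nested quantifiers.
function parseVersion(v) {
  if (typeof v !== "string" || v.length > 256) return null;
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.exec(v);
  if (!m) return null;
  return { core: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

// True when `version` sorts below `patched`. A prerelease of the patched
// version counts as below it, as in semver ordering.
function isAffected(version, patched = PATCHED) {
  const a = parseVersion(version);
  const b = parseVersion(patched);
  if (!a || !b) return true; // unparseable: flag for manual review
  for (let i = 0; i < 3; i++) {
    if (a.core[i] !== b.core[i]) return a.core[i] < b.core[i];
  }
  return a.pre && !b.pre;
}

// Walk the "packages" map of an npm lockfile (v2/v3). Nested copies have
// keys such as "node_modules/foo/node_modules/semver".
function findAffectedSemver(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!/(^|\/)node_modules\/semver$/.test(path)) continue;
    if (isAffected(String(meta.version))) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample data in lockfile v3 shape (not from the repository).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/semver": { version: "7.5.4" },
    "node_modules/example-tool/node_modules/semver": { version: "6.3.0" },
    "node_modules/example-lib/node_modules/semver": { version: "7.5.1" },
    "node_modules/semver-diff": { version: "4.0.0" },
  },
};

for (const hit of findAffectedSemver(sampleLock)) {
  console.log(`${hit.path}: semver ${hit.version} is below ${PATCHED}`);
}
```

To run it against a real project, replace `sampleLock` with the parsed contents of `package-lock.json`.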
Vylpes added the type dependencies label 2023-06-27 18:06:16 +01:00
Vylpes added this to the 2.1.3 milestone 2023-06-27 18:07:16 +01:00
Vylpes started working 2023-07-03 17:41:14 +01:00
Vylpes stopped working 2023-07-03 17:55:56 +01:00 (14 minutes 42 seconds)
Reference: RabbitLabs/random-bunny#69