semver vulnerable to Regular Expression Denial of Service #311

Closed
opened 2023-06-27 18:06:09 +01:00 by Vylpes · 0 comments
Owner

Package: semver (npm)
Affected versions: < 7.5.2
Patched version: 7.5.2


Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

Vylpes added the type dependencies label 2023-06-27 18:06:09 +01:00
Vylpes added this to the 3.1.1 milestone 2023-06-27 18:06:36 +01:00
Vylpes added spent time 2023-07-14 15:48:39 +01:00: 10 minutes
Reference: RabbitLabs/vylbot-app#311
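
A check for the affected range stated in this issue, as an added example that is not part of the original issue or the project's code: it walks the `packages` map of an npm `package-lock.json` (lockfileVersion 2 or 3) and reports every installed copy of semver below 7.5.2, nested copies included. The sample lockfile and the package names in it are constructed for illustration.

```javascript
// Added example (not from the issue): find semver copies below 7.5.2
// in an npm lockfile. 7.5.2 is the patched version stated in the issue.
const PATCHED = [7, 5, 2];

// Parse MAJOR.MINOR.PATCH without using semver itself, so the audit does
// not depend on the package being audited.
function parseCore(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(version));
  return m ? m.slice(1).map(Number) : null;
}

// True when the version sorts below 7.5.2.
function isAffected(version) {
  const v = parseCore(version);
  if (!v) return true; // unparseable: report for manual review
  for (let i = 0; i < 3; i++) {
    if (v[i] !== PATCHED[i]) return v[i] < PATCHED[i];
  }
  // Same core as 7.5.2: a prerelease such as 7.5.2-rc.0 precedes the release.
  return /^\d+\.\d+\.\d+-/.test(String(version));
}

// Walk the "packages" map and return every affected semver copy.
// Keys look like "node_modules/a/node_modules/semver"; the last segment
// after "node_modules/" is the package name.
function findAffectedSemver(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.split("node_modules/").pop() !== "semver") continue;
    if (isAffected(meta.version)) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample lockfile; package names are hypothetical.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/semver": { version: "7.5.4" },
    "node_modules/some-tool/node_modules/semver": { version: "7.3.8" },
    "node_modules/other-tool/node_modules/semver": { version: "6.3.0" },
    "node_modules/semver-utils": { version: "1.1.4" },
  },
};

console.log(findAffectedSemver(sampleLock));
```

To audit a real project, pass the parsed contents of its `package-lock.json` to `findAffectedSemver` in place of `sampleLock`.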