logo

Database

Asymmetric denial of service - ReDoS In semver-regex

Description

semver-regex Regular Expression Denial of Service (ReDOS) npm semver-regex is vulnerable to Inefficient Regular Expression Complexity

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2021-37952. NVD-2021-37953. OSV-2021-37954. GCVE-2021-3795

References

1. https://github.com/sindresorhus/semver-regex/commit/11c66245f4e1976dccc52977ed183696a21a3fd72. https://huntr.dev/bounties/006624e3-35ac-448f-aab9-7b5183f30e28

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.

FLAT-CVLP3 – Vulnerability | Fluid Attacks Database