Fluid Attacks Database

Description

Affected versions of this package are vulnerable to Regular Expression Denial of Service due to improper usage of regex in the semverRegex() function.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
npm	semver-regex	>=0 <3.1.4 \|\| >=4.0.0 <4.0.3	3.1.4, 4.0.3
maven	semver-regex	>=0 <3.1.4 \|\| >=4.0.0 <4.0.3	-

Aliases

1. CVE-2021-433072. NVD-2021-433073. OSV-2021-433074. GCVE-2021-433075. DB-CVE-2021-43307

References

1. https://github.com/sindresorhus/semver-regex/commit/d8ba39a528c1027c43ab23f12eec28ca4d40dd0c2. https://research.jfrog.com/vulnerabilities/semver-regex-redos-xray-211349

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.