Asymmetric denial of service - ReDoS in node-semver
Description
Regular Expression Denial of Service in semver
Versions 4.3.1 and earlier of semver are affected by a regular expression denial of service vulnerability when extremely long version strings are parsed.
Recommendation
Update to version 4.3.2 or later.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
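An added example, not taken from the advisory or from the semver project: a caller-side guard that rejects oversized version strings before any regular expression runs, which bounds the parsing cost the description attributes to extremely long inputs. The function name `parseVersionGuarded`, the 256-character cap and the simplified version pattern are assumptions made for illustration.

```javascript
// Assumed cap: set it to the longest version string you legitimately accept.
const MAX_VERSION_LENGTH = 256;

// Simplified MAJOR.MINOR.PATCH[-prerelease][+build] pattern (an assumption,
// not semver's own grammar). It is anchored, uses bounded digit runs and has
// no nested quantifiers, so matching time stays linear in the input length.
const VERSION_RE =
  /^v?(\d{1,15})\.(\d{1,15})\.(\d{1,15})(?:-([0-9A-Za-z.-]+))?(?:\+([0-9A-Za-z.-]+))?$/;

function parseVersionGuarded(input) {
  // Reject non-strings before touching .length or the regex.
  if (typeof input !== 'string') return null;
  // Constant-time length check, performed before any pattern matching.
  if (input.length > MAX_VERSION_LENGTH) return null;

  const m = VERSION_RE.exec(input.trim());
  if (m === null) return null;

  return {
    major: Number(m[1]),
    minor: Number(m[2]),
    patch: Number(m[3]),
    prerelease: m[4] ? m[4].split('.') : [],
    build: m[5] ? m[5].split('.') : [],
  };
}

// Constructed inputs: an ordinary version, an oversized string of the kind
// the advisory describes, and a non-string value.
const samples = ['1.2.3-beta.1+build.5', '1.' + '0'.repeat(100000) + '.0', 42];
for (const s of samples) {
  const label = typeof s === 'string' && s.length > 40
    ? `${s.slice(0, 20)}... (${s.length} chars)`
    : String(s);
  console.log(label, '->', JSON.stringify(parseVersionGuarded(s)));
}
```

A guard like this belongs at the trust boundary where version strings arrive from untrusted sources, and it complements the update rather than replacing it.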
| Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
| debian 12 | 5.3.0-1 | | |
| debian 13 | 5.3.0-1 | | |
| debian 14 | 5.3.0-1 | | |
| debian 11 | 5.3.0-1 | | |
| npm | 4.3.2 | | |