Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2022-25883

Good to know:

icon
icon

Date: June 21, 2023

Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

Language: JS

Severity Score

Related Resources (17)

https://github.com/npm/node-semver
https://github.com/npm/node-semver/blob/main/classes/range.js#L97-L104
https://github.com/npm/node-semver/blob/main/internal/re.js#L160
https://github.com/npm/node-semver/blob/main/internal/re.js#L138
https://github.com/npm/node-semver/pull/593
https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441
https://github.com/npm/node-semver/blob/main/internal/re.js%23L138
https://nvd.nist.gov/vuln/detail/CVE-2022-25883
https://github.com/npm/node-semver/commit/928e56d21150da0413a3333a3148b20e741a920c
https://github.com/npm/node-semver/commit/2f8fd41487acf380194579ecb6f8b1bbfe116be0
https://github.com/npm/node-semver/pull/585
https://github.com/npm/node-semver/pull/564
https://access.redhat.com/security/cve/CVE-2022-25883
https://security.netapp.com/advisory/ntap-20241025-0004/
https://github.com/npm/node-semver/blob/main/internal/re.js%23L160
https://github.com/npm/node-semver/blob/main/classes/range.js%23L97-L104
https://www.mend.io/vulnerability-database/CVE-2022-25883

Severity Score

Weakness Type (CWE)

Inefficient Regular Expression Complexity

CWE-1333

Top Fix

icon

Upgrade Version

Upgrade to version semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): LOW

Do you need more information?

Contact Us