Regular Expression Denial of Service in semver
High severity
GitHub Reviewed
Published
Oct 24, 2017
to the GitHub Advisory Database
•
Updated Apr 11, 2023
Description
Published to the GitHub Advisory Database
Oct 24, 2017
Reviewed
Jun 16, 2020
Last updated
Apr 11, 2023
Versions 4.3.1 and earlier of
semver
are affected by a regular expression denial of service vulnerability when extremely long version strings are parsed.Recommendation
Update to version 4.3.2 or later
References