
14 matches found

vulnersOsv
added 2025/08/14 6:52 p.m. | 5 views

eksi-server (>=0.0.0 <=0.0.8), eksi-sozluk (>=0.0.0 <=0.0.13) +2 more potentially affected by unknown CVE via new-range (=0.0.0)

new-range NPM version =0.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on new-range and may be impacted: eksi-server =0.0.0, =0.0.0, =0.0.2, =0.0.3; Source CVEs: unknown CVE; Source advisory: OSV:MAL-2025-27367...

AI score: 5.8 | Exploits: 0
OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 3 views

Malicious code in new-range (npm)

The package new-range was found to contain malicious code...

AI score: 7 | Exploits: 0
OSV
added 2025/08/14 6:52 p.m. | 1 views

MAL-2025-27367 Malicious code in new-range (npm)

The package new-range was found to contain malicious code...

AI score: 7.2 | Exploits: 0
RedHat Linux
added 2023/10/06 3:41 a.m. | 1 views

nodejs-semver: Regular expression denial of service

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size,...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.02475
Exploits: 1 | References: 6
RedHat Linux
added 2023/10/05 8:23 p.m. | 2 views

nodejs-semver: Regular expression denial of service

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size,...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.02475
Exploits: 1 | References: 6
RedHat Linux
added 2023/10/05 8:18 p.m. | 1 views

nodejs-semver: Regular expression denial of service

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size,...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.02475
Exploits: 1 | References: 6
RedHat Linux
added 2023/09/26 2:59 p.m. | 4 views

nodejs-semver: Regular expression denial of service

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size,...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.02475
Exploits: 1 | References: 6
RedHat Linux
added 2023/09/26 2:56 p.m. | 0 views

nodejs-semver: Regular expression denial of service

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size,...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.02475
Exploits: 1 | References: 6
RedHat Linux
added 2023/09/26 2:56 p.m. | 0 views

nodejs-semver: Regular expression denial of service

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size,...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.02475
Exploits: 1 | References: 6
Github Security Blog
added 2023/06/21 6:30 a.m. | 51 views

semver vulnerable to Regular Expression Denial of Service

Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range...

CVSS: 7.5 | AI score: 6.3 | EPSS: 0.02475
Exploits: 1 | References: 16 | Affected Software: 1
OSV
added 2023/06/21 6:30 a.m. | 3 views

GHSA-C2QF-RXJJ-QQGW semver vulnerable to Regular Expression Denial of Service

Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.02475
Exploits: 1 | References: 16
OSV
added 2023/06/21 5:15 a.m. | 2 views

AZL-43534 CVE-2022-25883 affecting package nodejs-nodemon 2.0.3-4

Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.02475
Exploits: 1 | References: 1
UbuntuCve
added 2023/06/21 5:15 a.m. | 396 views

CVE-2022-25883

Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.02475
Exploits: 1 | References: 7
Snyk
added 2023/01/25 4:0 p.m. | 2 views

Regular Expression Denial of Service (ReDoS)

Overview: semver is a semantic version parser used by npm. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range. PoC (js): const semver = require('semver') const lengths2 = 2000, 4000,...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.02475
Exploits: 1 | References: 2