15 matches found
Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the npm semver package
Summary: Due to use of the npm semver package, DevOps Test Performance and Rational Performance Tester contain a potential Regular Expression Denial of Service (ReDoS) vulnerability. Vulnerability Details: CVEID: CVE-2022-25883. DESCRIPTION: Versions of the package semver before 7.5.2 are vulnerable to...
EUVD-2017-0328
Malware in sbrugna...
EUVD-2023-1769
Malicious code in bioql PyPI...
Ubuntu 16.04 ESM : semver vulnerability (USN-4776-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-4776-1 advisory. It was discovered that semver incorrectly handled certain inputs. A remote attacker could possibly use this issue to cause a denial of service. Tenable has...
nodejs-semver: Regular expression denial of service
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size,...
nodejs-semver: Regular expression denial of service
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size,...
GHSA-F7XJ-RG7H-MC87 Stylelint has vulnerability in semver dependency
Summary: Our meow dependency which we use for our CLI depended on [email protected]. A vulnerability in this version of semver was recently identified and surfaced by npm audit: Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw Details: Original post by the...
SUSE CVE-2022-25883
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range...
-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0.8.18-p11 (=0.8.18-p12) +54059 more potentially affected by CVE-2022-25883 via semver (>=2.0.10 <=5.7.1)
semver NPM version =2.0.10, =1.0.1, =0.0.2, =1.0.4, =1.0.0, =1.0.3, =1.0.9, =0.1.0, =0.3.0 and more Source cves: CVE-2022-25883 Source advisory: OSV:GHSA-C2QF-RXJJ-QQGW...
-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0x0.icu.anima (=0.1.0) +9118 more potentially affected by CVE-2022-25883 via semver (>=6.0.0 <=6.3.0)
semver NPM version =6.0.0, =1.0.1, =0.1.0, =0.1.0, =0.1.2, =0.1.0, =0.1.0, =0.1.1, =3.4.1, =3.4.2 and more Source cves: CVE-2022-25883 Source advisory: OSV:GHSA-C2QF-RXJJ-QQGW...
AZL-27207 CVE-2022-25883 affecting package nodejs for versions less than 16.20.1-2
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range...
AZL-27208 CVE-2022-25883 affecting package nodejs18 for versions less than 18.16.0-3
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range...
007putra-my-bot (=1.1.1), 03-asenkronsdasdsadavehttprequest (=1.0.0) +17773 more potentially affected by CVE-2022-25883 via semver (>=7.0.0 <=7.5.1)
semver NPM version =7.0.0, =7.5.1 is affected by a known vulnerability. The following packages have a transitive dependency on semver and may be impacted: - 007putra-my-bot =1.1.1 - 03-asenkronsdasdsadavehttprequest =1.0.0 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 -...
-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0.8.18-p11 (=0.8.18-p12) +33612 more potentially affected by CVE-2022-25883 via semver (>=5.0.0 <=5.7.1)
semver NPM version =5.0.0, =1.0.1, =0.0.2, =1.0.4, =1.0.0, =1.0.3, =1.0.9, =0.1.0, =0.3.0 - 20190403-utils =1.0.0 and more Source cves: CVE-2022-25883 Source advisory: SNYK:JS-SEMVER-3247795...
-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0x0.icu.anima (=0.1.0) +9118 more potentially affected by CVE-2022-25883 via semver (>=6.0.0 <=6.3.0)
semver NPM version =6.0.0, =1.0.1, =0.1.0, =0.1.0, =0.1.2, =0.1.0, =0.1.0, =0.1.1, =3.4.1, =3.4.2 and more Source cves: CVE-2022-25883 Source advisory: SNYK:JS-SEMVER-3247795...