18 matches found
npm semver-regex denial of service vulnerability
npm semver-regex is a regular expression used to match semver versions. semver-regex versions prior to 3.1.4 and versions 4.0.0 inclusive through 4.0.2 have a denial of service vulnerability that stems from not properly handling incoming error messages, which can be exploited to cause a denial of...
Regular Expression Denial Of Service (ReDoS)
semver-regex is vulnerable to regular expression denial of service. The vulnerability exists in the semverRegex function in index.js due to improper use of regular expressions, which allows an attacker to cause a ReDoS...
Regular expression denial of service in semver-regex
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test method...
08cms (=1.0.0), 1-test-gulp-1 (>=0.0.1 <=0.0.4) +6890 more potentially affected by CVE-2021-43307 via semver-regex (>=0.1.1 <=3.1.3)
semver-regex NPM version =0.1.1, =0.0.1, =1.0.0, =3.1.4, =1.0.3, =1.0.0, =3.1.6, =0.0.1, =1.0.0, =1.0.0, =1.1.2 - 3vot-clay =2.0.1 - 433bf =0.0.1 and more Source cves: CVE-2021-43307 Source advisory: OSV:GHSA-4X5V-GMQ8-25CH...
Input validation
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test method...
semver-regex security vulnerability
npm semver-regex is a regular expression used to match semver versions. semver-regex versions prior to 3.1.4 and versions 4.0.0 inclusive through 4.0.2 have a denial of service vulnerability that stems from not properly handling incoming error messages, which can be exploited to cause a denial of...
CVE-2021-43307
CVE-2021-43307 is a Denial of Service vulnerability in the semver-regex npm package that can be triggered by arbitrary input to the test() method, causing an exponential ReDoS. Public sources (CNVD-2022-76985) indicate DoS affects semver-regex versions prior to 3.1.4 and 4.0.0–4.0.2; patch versio...
CVE-2021-43307 Exponential ReDoS in semver-regex
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test method...
PT-2022-11819 · Npm · Semver-Regex
Name of the Vulnerable Software and Affected Versions: semver-regex affected versions not specified Description: An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package when an attacker supplies arbitrary input to the test method. Recommendations...
08cms (=1.0.0), 1-test-gulp-1 (>=0.0.1 <=0.0.4) +6889 more potentially affected by CVE-2021-3795 via semver-regex (>=0.1.1 <=3.1.2)
semver-regex NPM version =0.1.1, =0.0.1, =1.0.0, =3.1.4, =1.0.3, =1.0.0, =3.1.6, =0.0.1, =1.0.0, =1.0.0, =1.1.2 - 3vot-clay =2.0.1 - 433bf =0.0.1 and more Source cves: CVE-2021-3795 Source advisory: OSV:GHSA-44C6-4V22-4MHX...
CVE-2021-3795
A flaw was found in the semver-regex library where it could lead to consuming a big amount of resources when executing specific strings. Attackers could take advantage of this by crafting an invalid version causing a disruption or a denial of service (DoS)...
Regular Expression Denial Of Service (ReDoS)
semver-regex is vulnerable to regular expression denial of service. An attacker is able to crash the application by submitting a malicious string to the function semverRegex...
CVE-2021-3795
semver-regex is vulnerable to Inefficient Regular Expression Complexity...
CVE-2021-3795
semver-regex is vulnerable to Inefficient Regular Expression Complexity...
Design/Logic Flaw
semver-regex is vulnerable to Inefficient Regular Expression Complexity...
CVE-2021-3795 Inefficient Regular Expression Complexity in sindresorhus/semver-regex
semver-regex is vulnerable to Inefficient Regular Expression Complexity...
Inefficient Regular Expression Complexity in sindresorhus/semver-regex
✍️ Description It allows an attacker to cause a denial of service when formatting crafted invalid semver versions. 🕵️♂️ Proof of Concept // PoC.mjs import semverRegex from 'semver-regex'; forvar i = 1; i = 50000; i++ var time = Date.now; var attackstr = '0.0.0-0' + '.-------'.repeati1 + '@';...
Regular Expression Denial Of Service (ReDoS)
semver-regex is vulnerable to regular expression denial of service. An attacker is able to crash the application by submitting a malicious string as a version number...