132 matches found
UBUNTU-CVE-2022-25883
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service ReDoS via the function new Range, when untrusted user data is provided as a range...
CVE-2022-25883
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service ReDoS via the function new Range, when untrusted user data is provided as a range...
CVE-2022-25883
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service ReDoS via the function new Range, when untrusted user data is provided as a range...
CVE-2022-25883
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service ReDoS via the function new Range, when untrusted user data is provided as a range...
CVE-2022-25883
CVE-2022-25883 (semver ReDoS) affects the npm package semver prior to 7.5.2. The vulnerability arises in the creation of a new Range when untrusted user data is supplied, enabling a Regular Expression Denial of Service (ReDoS). The issue is documented in the IBM Security Bulletin for CVE-2022-258...
CVE-2022-25883
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service ReDoS via the function new Range, when untrusted user data is provided as a range...
node-semver 安全漏洞
npm node-semver is a library from the American company npm. A security vulnerability exists in node-semver versions prior to 7.5.2, which stems from vulnerability to Regular Expression Denial of Service ReDoS attacks...
K30110324: Multiple Node.js vulnerabilities
Security Advisory Description CVE-2013-7451 The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag. CVE-2013-7452 The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting XSS filter via a...
SUSE CVE-2015-8855
The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service CPU consumption via a long version string, aka a "regular expression denial of service ReDoS."...
CVE-2022-25853
All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization...
@braira/changelog (>=1.0.0 <=1.0.4), grunt-ivantage-svn-changelog (>=0.3.0 <=0.4.1) potentially affected by CVE-2022-25853 via semver-tags (>=0.1.5 <=0.4.10)
semver-tags NPM version =0.1.5, =1.0.0, =0.3.0, =0.4.1 Source cves: CVE-2022-25853 Source advisory: OSV:GHSA-8H3G-HCWP-6HXQ...
semver-tags is vulnerable to Command Injection via the getGitTagsRemote function
All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization...
GHSA-8H3G-HCWP-6HXQ semver-tags is vulnerable to Command Injection via the getGitTagsRemote function
All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization...
CVE-2022-25853
All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization...
Command injection
All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization...
CVE-2022-25853
All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization...
semver-tags 安全漏洞
semver-tags is jtrussell's personal developer's tool for obtaining semver tags for repos. A security vulnerability exists in semver-tags, which stems from improper cleaning of user input. An attacker can exploit this vulnerability to perform command injection via the getGitTagsRemote function...
Ubuntu: Security Advisory (USN-4776-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0x0.icu.anima (=0.1.0) +9094 more potentially affected by CVE-2022-25883 via semver (>=6.0.0 <=6.3.0)
semver NPM version =6.0.0, =1.0.1, =0.1.0, =0.1.0, =0.1.2, =0.1.0, =0.1.0, =0.1.1, =3.4.1, =3.4.2 and more Source cves: CVE-2022-25883 Source advisory: SNYK:JS-SEMVER-3247795...
-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0.8.18-p11 (=0.8.18-p12) +33559 more potentially affected by CVE-2022-25883 via semver (>=5.0.0 <=5.7.1)
semver NPM version =5.0.0, =1.0.1, =0.0.2, =1.0.4, =1.0.0, =1.0.3, =1.0.9, =0.1.0, =0.3.0 - 20190403-utils =1.0.0 and more Source cves: CVE-2022-25883 Source advisory: SNYK:JS-SEMVER-3247795...