Lucene search
+L

132 matches found

OSV
OSV
added 2023/06/21 5:15 a.m.7 views

UBUNTU-CVE-2022-25883

Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service ReDoS via the function new Range, when untrusted user data is provided as a range...

7.5CVSS6.8AI score0.02761EPSS
Exploits1References8
Cvelist
Cvelist
added 2023/06/21 5:0 a.m.40 views

CVE-2022-25883

Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service ReDoS via the function new Range, when untrusted user data is provided as a range...

5.3CVSS8.7AI score0.02761EPSS
Exploits1References6
Debian CVE
Debian CVE
added 2023/06/21 5:0 a.m.83 views

CVE-2022-25883

Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service ReDoS via the function new Range, when untrusted user data is provided as a range...

7.5CVSS7.2AI score0.02761EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2023/06/21 5:0 a.m.13 views

CVE-2022-25883

Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service ReDoS via the function new Range, when untrusted user data is provided as a range...

5.3CVSS6.8AI score0.02761EPSS
Exploits1References6
CVE
CVE
added 2023/06/21 5:0 a.m.662 views

CVE-2022-25883

CVE-2022-25883 (semver ReDoS) affects the npm package semver prior to 7.5.2. The vulnerability arises in the creation of a new Range when untrusted user data is supplied, enabling a Regular Expression Denial of Service (ReDoS). The issue is documented in the IBM Security Bulletin for CVE-2022-258...

7.5CVSS8.3AI score0.02761EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2023/06/21 5:0 a.m.40 views

CVE-2022-25883

Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service ReDoS via the function new Range, when untrusted user data is provided as a range...

5.3CVSS7AI score0.02761EPSS
Exploits1References9
CNNVD
CNNVD
added 2023/06/21 12:0 a.m.4 views

node-semver 安全漏洞

npm node-semver is a library from the American company npm. A security vulnerability exists in node-semver versions prior to 7.5.2, which stems from vulnerability to Regular Expression Denial of Service ReDoS attacks...

7.5CVSS6.7AI score0.02761EPSS
Exploits1References16
F5 Networks
F5 Networks
added 2023/02/21 6:55 p.m.41 views

K30110324: Multiple Node.js vulnerabilities

Security Advisory Description CVE-2013-7451 The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag. CVE-2013-7452 The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting XSS filter via a...

7.8CVSS6AI score0.06488EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2023/02/15 5:10 a.m.3 views

SUSE CVE-2015-8855

The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service CPU consumption via a long version string, aka a "regular expression denial of service ReDoS."...

7.8CVSS6.8AI score0.06488EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/02/07 4:26 a.m.32 views

CVE-2022-25853

All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization...

7.4CVSS7.9AI score0.01078EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2023/02/06 6:30 a.m.6 views

@braira/changelog (>=1.0.0 <=1.0.4), grunt-ivantage-svn-changelog (>=0.3.0 <=0.4.1) potentially affected by CVE-2022-25853 via semver-tags (>=0.1.5 <=0.4.10)

semver-tags NPM version =0.1.5, =1.0.0, =0.3.0, =0.4.1 Source cves: CVE-2022-25853 Source advisory: OSV:GHSA-8H3G-HCWP-6HXQ...

7.8CVSS7.1AI score0.01078EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2023/02/06 6:30 a.m.23 views

semver-tags is vulnerable to Command Injection via the getGitTagsRemote function

All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization...

7.8CVSS6AI score0.01078EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2023/02/06 6:30 a.m.3 views

GHSA-8H3G-HCWP-6HXQ semver-tags is vulnerable to Command Injection via the getGitTagsRemote function

All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization...

7.8CVSS7.1AI score0.01078EPSS
Exploits1References5
OSV
OSV
added 2023/02/06 5:15 a.m.2 views

CVE-2022-25853

All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization...

7.8CVSS5.8AI score0.01078EPSS
Exploits1References2
Prion
Prion
added 2023/02/06 5:15 a.m.14 views

Command injection

All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization...

4.3CVSS7.9AI score0.01078EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/02/06 5:0 a.m.5 views

CVE-2022-25853

All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization...

7.4CVSS7.6AI score0.01078EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/02/06 12:0 a.m.1 views

semver-tags 安全漏洞

semver-tags is jtrussell's personal developer's tool for obtaining semver tags for repos. A security vulnerability exists in semver-tags, which stems from improper cleaning of user input. An attacker can exploit this vulnerability to perform command injection via the getGitTagsRemote function...

7.8CVSS7.4AI score0.01078EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2023/01/27 12:0 a.m.11 views

Ubuntu: Security Advisory (USN-4776-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.8AI score0.06488EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2023/01/25 4:0 p.m.5 views

-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0x0.icu.anima (=0.1.0) +9094 more potentially affected by CVE-2022-25883 via semver (>=6.0.0 <=6.3.0)

semver NPM version =6.0.0, =1.0.1, =0.1.0, =0.1.0, =0.1.2, =0.1.0, =0.1.0, =0.1.1, =3.4.1, =3.4.2 and more Source cves: CVE-2022-25883 Source advisory: SNYK:JS-SEMVER-3247795...

7.5CVSS6.7AI score0.02761EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2023/01/25 4:0 p.m.5 views

-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0.8.18-p11 (=0.8.18-p12) +33559 more potentially affected by CVE-2022-25883 via semver (>=5.0.0 <=5.7.1)

semver NPM version =5.0.0, =1.0.1, =0.0.2, =1.0.4, =1.0.0, =1.0.3, =1.0.9, =0.1.0, =0.3.0 - 20190403-utils =1.0.0 and more Source cves: CVE-2022-25883 Source advisory: SNYK:JS-SEMVER-3247795...

7.5CVSS6.7AI score0.02761EPSS
Exploits1
Rows per page
Query Builder