132 matches found
007putra-my-bot (=1.1.1), 03-asenkronsdasdsadavehttprequest (=1.0.0) +17741 more potentially affected by CVE-2022-25883 via semver (>=7.0.0 <=7.5.1)
semver NPM version =7.0.0, =7.5.1 is affected by a known vulnerability. The following packages have a transitive dependency on semver and may be impacted: - 007putra-my-bot =1.1.1 - 03-asenkronsdasdsadavehttprequest =1.0.0 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 -...
Regular Expression Denial of Service (ReDoS)
Overview semver is a semantic version parser used by npm. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the function new Range, when untrusted user data is provided as a range. PoC js const semver = require'semver' const lengths2 = 2000, 4000,...
@braira/changelog (>=1.0.0 <=1.0.4), grunt-ivantage-svn-changelog (>=0.3.0 <=0.4.1) potentially affected by CVE-2022-25853 via semver-tags (>=0.1.5 <=0.4.10)
semver-tags NPM version =0.1.5, =1.0.0, =0.3.0, =0.4.1 Source cves: CVE-2022-25853 Source advisory: SNYK:JS-SEMVERTAGS-3175612...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization. PoC js var r = require"semver-tags" opt = "repoType":"git","repoPath":"";touch EXPLOITED;"" finalCb = console.log ropt,finalCb Remediation There is...
MAL-2022-696 Malicious code in @unpkg-semver/pedops-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e7b5459fd755d4527552fb55fb90015ab04eee1a1afd2678656b04c0ea32ec19 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-697 Malicious code in @unpkg-semver/wix-recorder (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 910f14b4935796b6ad35693ca2a4f0c5d3c04eefe4ebd6da1e7b75cfc03fb1fe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
npm semver-regex denial of service vulnerability
npm semver-regex is a regular expression used to match semver versions. semver-regex versions prior to 3.1.4 and versions 4.0.0 inclusive through 4.0.2 have a denial of service vulnerability that stems from not properly handling incoming error messages, which can be exploited to cause a denial of...
Regular Expression Denial Of Service (ReDoS)
semver-regex is vulnerable to regular expression denial of service. The vulnerability exists in semverRegex function in index.js due to improper use of regular expressions which allows an attacker to cause a ReDos...
GHSA-4X5V-GMQ8-25CH Regular expression denial of service in semver-regex
An exponential ReDoS Regular Expression Denial of Service can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test method...
08cms (=1.0.0), 1-test-gulp-1 (>=0.0.1 <=0.0.4) +6854 more potentially affected by CVE-2021-43307 via semver-regex (>=0.1.1 <=3.1.3)
semver-regex NPM version =0.1.1, =0.0.1, =1.0.0, =3.1.4, =1.0.3, =1.0.0, =3.1.6, =0.0.1, =1.0.0, =1.0.0, =1.1.2 - 3vot-clay =2.0.1 - 433bf =0.0.1 and more Source cves: CVE-2021-43307 Source advisory: OSV:GHSA-4X5V-GMQ8-25CH...
Regular expression denial of service in semver-regex
An exponential ReDoS Regular Expression Denial of Service can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test method...
CVE-2021-43307
An exponential ReDoS Regular Expression Denial of Service can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test method...
CVE-2021-43307
An exponential ReDoS Regular Expression Denial of Service can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test method...
Input validation
An exponential ReDoS Regular Expression Denial of Service can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test method...
semver-regex 安全漏洞
npm semver-regex is a regular expression used to match semver versions. semver-regex versions prior to 3.1.4 and versions 4.0.0 inclusive through 4.0.2 have a denial of service vulnerability that stems from not properly handling incoming error messages, which can be exploited to cause a denial of...
CVE-2021-43307
CVE-2021-43307 is a Denial of Service vulnerability in the semver-regex npm package that can be triggered by arbitrary input to the test() method, causing an exponential ReDoS. Public sources (CNVD-2022-76985) indicate DoS affects semver-regex versions prior to 3.1.4 and 4.0.0–4.0.2; patch versio...
CVE-2021-43307 Exponential ReDoS in semver-regex
An exponential ReDoS Regular Expression Denial of Service can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test method...
PT-2022-11819
Name of the Vulnerable Software and Affected Versions semver-regex affected versions not specified Description An exponential ReDoS Regular Expression Denial of Service can be triggered in the semver-regex npm package when an attacker supplies arbitrary input to the test method. Recommendations A...
CVE-2021-43307
An exponential ReDoS Regular Expression Denial of Service can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test method...
08cms (=1.0.0), 1-test-gulp-1 (>=0.0.1 <=0.0.4) +6853 more potentially affected by CVE-2021-3795 via semver-regex (>=0.1.1 <=3.1.2)
semver-regex NPM version =0.1.1, =0.0.1, =1.0.0, =3.1.4, =1.0.3, =1.0.0, =3.1.6, =0.0.1, =1.0.0, =1.0.0, =1.1.2 - 3vot-clay =2.0.1 - 433bf =0.0.1 and more Source cves: CVE-2021-3795 Source advisory: OSV:GHSA-44C6-4V22-4MHX...