Lucene search
K

132 matches found

vulnersOsv
vulnersOsv
added 2023/01/25 4:0 p.m.3 views

007putra-my-bot (=1.1.1), 03-asenkronsdasdsadavehttprequest (=1.0.0) +17741 more potentially affected by CVE-2022-25883 via semver (>=7.0.0 <=7.5.1)

semver NPM version =7.0.0, =7.5.1 is affected by a known vulnerability. The following packages have a transitive dependency on semver and may be impacted: - 007putra-my-bot =1.1.1 - 03-asenkronsdasdsadavehttprequest =1.0.0 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 -...

7.5CVSS6.7AI score0.02761EPSS
Exploits1
Snyk
Snyk
added 2023/01/25 4:0 p.m.4 views

Regular Expression Denial of Service (ReDoS)

Overview semver is a semantic version parser used by npm. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the function new Range, when untrusted user data is provided as a range. PoC js const semver = require'semver' const lengths2 = 2000, 4000,...

7.5CVSS6.8AI score0.02761EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2022/12/19 10:47 a.m.6 views

@braira/changelog (>=1.0.0 <=1.0.4), grunt-ivantage-svn-changelog (>=0.3.0 <=0.4.1) potentially affected by CVE-2022-25853 via semver-tags (>=0.1.5 <=0.4.10)

semver-tags NPM version =0.1.5, =1.0.0, =0.3.0, =0.4.1 Source cves: CVE-2022-25853 Source advisory: SNYK:JS-SEMVERTAGS-3175612...

7.8CVSS7.1AI score0.01078EPSS
Exploits1
Snyk
Snyk
added 2022/12/19 10:47 a.m.1 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization. PoC js var r = require"semver-tags" opt = "repoType":"git","repoPath":"";touch EXPLOITED;"" finalCb = console.log ropt,finalCb Remediation There is...

7.8CVSS7.3AI score0.01078EPSS
Exploits1References2
OSV
OSV
added 2022/06/20 8:21 p.m.6 views

MAL-2022-696 Malicious code in @unpkg-semver/pedops-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e7b5459fd755d4527552fb55fb90015ab04eee1a1afd2678656b04c0ea32ec19 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:21 p.m.11 views

MAL-2022-697 Malicious code in @unpkg-semver/wix-recorder (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 910f14b4935796b6ad35693ca2a4f0c5d3c04eefe4ebd6da1e7b75cfc03fb1fe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
CNVD
CNVD
added 2022/06/09 12:0 a.m.49 views

npm semver-regex denial of service vulnerability

npm semver-regex is a regular expression used to match semver versions. semver-regex versions prior to 3.1.4 and versions 4.0.0 inclusive through 4.0.2 have a denial of service vulnerability that stems from not properly handling incoming error messages, which can be exploited to cause a denial of...

5CVSS4.6AI score0.01455EPSS
Exploits1Affected Software2
Veracode
Veracode
added 2022/06/03 9:4 a.m.35 views

Regular Expression Denial Of Service (ReDoS)

semver-regex is vulnerable to regular expression denial of service. The vulnerability exists in semverRegex function in index.js due to improper use of regular expressions which allows an attacker to cause a ReDos...

7.5CVSS4.3AI score0.01455EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/06/03 12:1 a.m.1 views

GHSA-4X5V-GMQ8-25CH Regular expression denial of service in semver-regex

An exponential ReDoS Regular Expression Denial of Service can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test method...

7.5CVSS7.2AI score0.01455EPSS
Exploits1References4
vulnersOsv
vulnersOsv
added 2022/06/03 12:1 a.m.4 views

08cms (=1.0.0), 1-test-gulp-1 (>=0.0.1 <=0.0.4) +6854 more potentially affected by CVE-2021-43307 via semver-regex (>=0.1.1 <=3.1.3)

semver-regex NPM version =0.1.1, =0.0.1, =1.0.0, =3.1.4, =1.0.3, =1.0.0, =3.1.6, =0.0.1, =1.0.0, =1.0.0, =1.1.2 - 3vot-clay =2.0.1 - 433bf =0.0.1 and more Source cves: CVE-2021-43307 Source advisory: OSV:GHSA-4X5V-GMQ8-25CH...

7.5CVSS7.1AI score0.01455EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2022/06/03 12:1 a.m.37 views

Regular expression denial of service in semver-regex

An exponential ReDoS Regular Expression Denial of Service can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test method...

7.5CVSS4.5AI score0.01455EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2022/06/02 2:15 p.m.18 views

CVE-2021-43307

An exponential ReDoS Regular Expression Denial of Service can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test method...

7.5CVSS0.01455EPSS
Exploits1References1
OSV
OSV
added 2022/06/02 2:15 p.m.26 views

CVE-2021-43307

An exponential ReDoS Regular Expression Denial of Service can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test method...

7.5CVSS6.8AI score
Exploits0References1
Prion
Prion
added 2022/06/02 2:15 p.m.23 views

Input validation

An exponential ReDoS Regular Expression Denial of Service can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test method...

5CVSS7.6AI score0.01455EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2022/06/02 12:0 a.m.23 views

semver-regex 安全漏洞

npm semver-regex is a regular expression used to match semver versions. semver-regex versions prior to 3.1.4 and versions 4.0.0 inclusive through 4.0.2 have a denial of service vulnerability that stems from not properly handling incoming error messages, which can be exploited to cause a denial of...

7.5CVSS5.7AI score0.01455EPSS
Exploits1References3
CVE
CVE
added 2022/06/01 4:47 p.m.263 views

CVE-2021-43307

CVE-2021-43307 is a Denial of Service vulnerability in the semver-regex npm package that can be triggered by arbitrary input to the test() method, causing an exponential ReDoS. Public sources (CNVD-2022-76985) indicate DoS affects semver-regex versions prior to 3.1.4 and 4.0.0–4.0.2; patch versio...

7.5CVSS6.5AI score0.01455EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/06/01 4:47 p.m.47 views

CVE-2021-43307 Exponential ReDoS in semver-regex

An exponential ReDoS Regular Expression Denial of Service can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test method...

5.9CVSS8AI score0.01455EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/06/01 12:0 a.m.7 views

PT-2022-11819

Name of the Vulnerable Software and Affected Versions semver-regex affected versions not specified Description An exponential ReDoS Regular Expression Denial of Service can be triggered in the semver-regex npm package when an attacker supplies arbitrary input to the test method. Recommendations A...

7.5CVSS7.6AI score0.01455EPSS
Exploits1References9
ATTACKERKB
ATTACKERKB
added 2022/05/29 11:5 p.m.4 views

CVE-2021-43307

An exponential ReDoS Regular Expression Denial of Service can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test method...

7.5CVSS7.2AI score0.01455EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2021/09/20 8:42 p.m.4 views

08cms (=1.0.0), 1-test-gulp-1 (>=0.0.1 <=0.0.4) +6853 more potentially affected by CVE-2021-3795 via semver-regex (>=0.1.1 <=3.1.2)

semver-regex NPM version =0.1.1, =0.0.1, =1.0.0, =3.1.4, =1.0.3, =1.0.0, =3.1.6, =0.0.1, =1.0.0, =1.0.0, =1.1.2 - 3vot-clay =2.0.1 - 433bf =0.0.1 and more Source cves: CVE-2021-3795 Source advisory: OSV:GHSA-44C6-4V22-4MHX...

7.5CVSS7.1AI score0.01457EPSS
Exploits1
Rows per page
Query Builder