CVE-2022-25883
CVE-2022-25883 (semver ReDoS) affects the npm package semver prior to 7.5.2. The vulnerability arises in the creation of a new Range when untrusted user data is supplied, enabling a Regular Expression Denial of Service (ReDoS). The issue is documented in the IBM Security Bulletin for CVE-2022-258...