CVE-2022-25883

2023-06-2100:00:00

ubuntu.com

semver

package

redos

regular expression denial of service

unix

vulnerability

new range

untrusted user data

0.001 Low

EPSS

Percentile

41.9%

JSON

Versions of the package semver before 7.5.2 are vulnerable to Regular
Expression Denial of Service (ReDoS) via the function new Range, when
untrusted user data is provided as a range.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchnode-semver< anyUNKNOWN
ubuntu20.04noarchnode-semver< anyUNKNOWN
ubuntu22.04noarchnode-semver< anyUNKNOWN
ubuntu23.10noarchnode-semver< anyUNKNOWN
ubuntu24.04noarchnode-semver< anyUNKNOWN
ubuntu14.04noarchnode-semver< anyUNKNOWN
ubuntu16.04noarchnode-semver< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	node-semver	< any	UNKNOWN
ubuntu	20.04	noarch	node-semver	< any	UNKNOWN
ubuntu	22.04	noarch	node-semver	< any	UNKNOWN
ubuntu	23.10	noarch	node-semver	< any	UNKNOWN
ubuntu	24.04	noarch	node-semver	< any	UNKNOWN
ubuntu	14.04	noarch	node-semver	< any	UNKNOWN
ubuntu	16.04	noarch	node-semver	< any	UNKNOWN