Description
The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."
Remediation
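To find installed copies that fall in the affected range (semver before 4.3.2), the following added example audits an npm lockfile; it is not code from the advisory or from the semver project. The `classify` and `auditLock` names, the 256-character input cap and the sample lockfile are assumptions made for this example.

```javascript
// Added example; SAMPLE_LOCK is constructed data, not a real project's lockfile.
const FIXED = [4, 3, 2];        // first fixed release, per the advisory
const MAX_LEN = 256;            // assumed cap for this example: bound input before parsing

// Classify a version as 'affected', 'fixed' or 'unparseable' using only
// length checks, splits and anchored digit tests (no backtracking-prone regex).
function classify(version) {
  if (typeof version !== 'string' || version.length > MAX_LEN) return 'unparseable';
  const v = version.trim().replace(/^v/, '');
  const core = v.split(/[-+]/, 1)[0];
  const parts = core.split('.');
  if (parts.length !== 3 || !parts.every((p) => /^\d{1,9}$/.test(p))) return 'unparseable';
  const nums = parts.map(Number);
  for (let i = 0; i < 3; i++) {
    if (nums[i] !== FIXED[i]) return nums[i] < FIXED[i] ? 'affected' : 'fixed';
  }
  // Same core as the fix: a prerelease tag (4.3.2-beta) sorts before 4.3.2.
  return v.charAt(core.length) === '-' ? 'affected' : 'fixed';
}

// Collect every installed copy of semver that is not known to be fixed.
function auditLock(lock) {
  const hits = [];
  const note = (path, version) => {
    const status = classify(version);
    // Truncate the reported version so an oversized string is not echoed back.
    if (status !== 'fixed') hits.push({ path, version: String(version).slice(0, 32), status });
  };
  if (lock.packages) {            // lockfileVersion 2/3: flat map keyed by install path
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === 'node_modules/semver' || path.endsWith('/node_modules/semver')) note(path, meta.version);
    }
  } else {                        // lockfileVersion 1: nested dependency tree
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        if (name === 'semver') note([...trail, name].join(' > '), meta.version);
        walk(meta.dependencies, [...trail, name]);
      }
    };
    walk(lock.dependencies, []);
  }
  return hits;
}

const SAMPLE_LOCK = { lockfileVersion: 1, dependencies: {
  semver: { version: '5.7.2' },
  'old-tool': { version: '1.0.0', dependencies: { semver: { version: '4.3.1' } } },
  'odd-pkg': { version: '2.0.0', dependencies: { semver: { version: '4.'.repeat(5000) } } },
} };
console.log(auditLock(SAMPLE_LOCK));
```

Entries reported as `unparseable` are flagged for manual review, so an over-long or malformed version string cannot pass the audit unnoticed.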
References
https://nodesecurity.io/advisories/31
http://www.openwall.com/lists/oss-security/2016/04/20/11
http://www.securityfocus.com/bid/86957
Related Vulnerabilities
CVE-2021-32050 Vulnerability in npm package mongodb
CVE-2021-32731 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web
CVE-2021-25929 Vulnerability in maven package org.opennms:opennms-webapp
CVE-2023-5571 Vulnerability in npm package @vrite/sdk
CVE-2021-25924 Vulnerability in maven package cd.go.plugin:go-plugin-api