Description
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test() method
Remediation
References
https://research.jfrog.com/vulnerabilities/semver-regex-redos-xray-211349/
Related Vulnerabilities
CVE-2021-23446 Vulnerability in npm package handsontable
CVE-2011-1772 Vulnerability in maven package org.apache.struts:struts2-core
CVE-2021-4307 Vulnerability in maven package org.webjars.npm:baobab
CVE-2020-7748 Vulnerability in npm package @tsed/core
CVE-2021-46036 Vulnerability in maven package net.mingsoft:ms-mcms