Description
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test() method
Remediation
References
https://research.jfrog.com/vulnerabilities/semver-regex-redos-xray-211349/
Related Vulnerabilities
CVE-2023-26120 Vulnerability in maven package com.xuxueli:xxl-job
CVE-2023-3691 Vulnerability in maven package org.webjars.npm:github-com-layui-layui
CVE-2022-24847 Vulnerability in maven package org.geoserver.community:gs-jdbcconfig
CVE-2022-2217 Vulnerability in npm package parse-url
CVE-2021-43309 Vulnerability in npm package uri-template-lite