

Commit 81f75e1

Merge pull request #2484 from github/G-Rath-GHSA-c2qf-rxjj-qqgw
2 parents 32c6ddc + 8d78e4e commit 81f75e1


1 file changed

+25
-12
lines changed


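--- a/advisories/github-reviewed/2023/06/GHSA-c2qf-rxjj-qqgw/GHSA-c2qf-rxjj-qqgw.json
+++ b/advisories/github-reviewed/2023/06/GHSA-c2qf-rxjj-qqgw/GHSA-c2qf-rxjj-qqgw.json
@@ -1,13 +1,13 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-c2qf-rxjj-qqgw",
-"modified": "2023-07-10T22:04:25Z",
+"modified": "2023-07-10T22:04:27Z",
 "published": "2023-06-21T06:30:28Z",
 "aliases": [
 "CVE-2022-25883"
 ],
 "summary": "semver vulnerable to Regular Expression Denial of Service",
-"details": "Versions of the package semver before 7.5.2 on the 7.x branch as well as before 6.3.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.\n\n\n",
+"details": "Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.\n\n\n",
 "severity": [
 {
 "type": "CVSS_V3",
@@ -20,11 +20,6 @@
 "ecosystem": "npm",
 "name": "semver"
 },
-"ecosystem_specific": {
-"affected_functions": [
-"semver.Range"
-]
-},
 "ranges": [
 {
 "type": "ECOSYSTEM",
@@ -44,10 +39,24 @@
 "ecosystem": "npm",
 "name": "semver"
 },
-"ecosystem_specific": {
-"affected_functions": [
-"semver.Range"
-]
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "6.0.0"
+},
+{
+"fixed": "6.3.1"
+}
+]
+}
+]
+},
+{
+"package": {
+"ecosystem": "npm",
+"name": "semver"
 },
 "ranges": [
 {
@@ -57,7 +66,7 @@
 "introduced": "0"
 },
 {
-"fixed": "6.3.1"
+"fixed": "5.7.2"
 }
 ]
 }
@@ -77,6 +86,10 @@
 "type": "WEB",
 "url": "https://github.com/npm/node-semver/pull/585"
 },
+{
+"type": "WEB",
+"url": "https://github.com/npm/node-semver/pull/593"
+},
 {
 "type": "WEB",
 "url": "https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441"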
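Review bot: The two removed `ecosystem_specific` blocks (old lines 23-27 and 47-50) take the only machine-readable record of the affected function out of the advisory, and the new 6.x entry is added without one, while the updated `details` text still names `new Range` as the entry point. Consumers that use `affected_functions` to judge whether a dependency's vulnerable code path is actually called would have to fall back to version-only matching for every range. If the removal is not deliberate, keep `"ecosystem_specific": { "affected_functions": ["semver.Range"] }` on each affected entry, including the new 6.0.0 to 6.3.1 one; if it is deliberate, the merge description should say why. The hunks cut through the affected entries, so the 7.x range and any other per-entry fields are not visible here.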
