Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

CVE-2022-25883 @ Npm-semver-6.3.0 #130

Open
westonphillips opened this issue Jun 29, 2023 · 0 comments
Open

CVE-2022-25883 @ Npm-semver-6.3.0 #130

westonphillips opened this issue Jun 29, 2023 · 0 comments
Labels
branch:main Checkmarx CxSCA

Comments

@westonphillips
Copy link
Owner

westonphillips commented Jun 29, 2023
edited
Loading

Vulnerable Package issue exists @ Npm-semver-6.3.0 in branch main

The package semver versions prior to 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

Namespace: westonphillips
Repository: CheckmarxOnePOV
Repository Url: https://github.com/westonphillips/CheckmarxOnePOV
CxAST-Project: westonphillips/CheckmarxOnePOV
CxAST platform scan: 6a8170d0-38fa-4efc-81df-42628474102c
Branch: main
Application: CheckmarxOnePOV
Severity: MEDIUM
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-1333

Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: NONE
Availability impact: LOW

References
Advisory
Commit
Pull request
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
branch:main Checkmarx CxSCA
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@westonphillips