High severity 7.5 · NVD Advisory · Published Jan 23, 2017 · Updated Jun 17, 2026
CVE-2015-8855
Description
The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| semver (npm) | >= 1.0.4, < 4.3.2 | 4.3.2 |
References
- nodesecurity.io/advisories/31 (nvd: Patch, Vendor Advisory)
- www.openwall.com/lists/oss-security/2016/04/20/11 (nvd: Mailing List, Third Party Advisory, WEB)
- www.securityfocus.com/bid/86957 (nvd: Third Party Advisory, VDB Entry, WEB)
- github.com/advisories/GHSA-x6fg-f45m-jf5q (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2015-8855 (ghsa: ADVISORY)
- github.com/github/advisory-database/pull/7102 (ghsa: WEB)
- github.com/npm/node-semver/commit/5c4c9f6e26c7052a42b5ced2a7481c5c9b4363a0 (ghsa: WEB)
- github.com/npm/node-semver/commit/c80180d8341a8ada0236815c29a2be59864afd70 (ghsa: WEB)
- www.npmjs.com/advisories/31 (ghsa: WEB)
- www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS (ghsa: WEB)