VYPR

npm package

semver

pkg:npm/semver

Vulnerabilities (2)

  • CVE-2022-25883 (Jun 21, 2023)
    affected >= 7.0.0, < 7.5.2; fixed 7.5.2

    Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

  • CVE-2015-8855 [High] (Jan 23, 2017)
    affected >= 1.0.4, < 4.3.2; fixed 4.3.2

    The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."