Lucene search
JFROGCVELIST:CVE-2021-43307HistoryJun 01, 2022 - 4:47 p.m.
CVE-2021-43307 Exponential ReDoS in semver-regex
2022-06-0116:47:38
CWE-1333
JFROG
www.cve.org
8
cve-2021-43307
exponential redos
regular expression denial of service
semver-regex
npm package
test() method
CVSS3
5.9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
8
Confidence
High
EPSS
0.001
Percentile
36.8%
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test() method
CNA Affected
[
{
"product": "semver-regex",
"vendor": "semver-regex",
"versions": [
{
"changes": [
{
"at": "4.0.3",
"status": "unaffected"
}
],
"lessThan": "3.1.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
cve
cve
CVE-2021-43307
2022-06-02 14:15:30
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2022-06-03 09:04:17
cnvd
cnvd
npm semver-regex denial of service vulnerability
2022-06-09 00:00:00
nvd
nvd
CVE-2021-43307
2022-06-02 14:15:30
osv
osv
CVE-2021-43307
2022-06-02 14:15:30
Regular expression denial of service in semver-regex
2022-06-03 00:01:00
prion
prion
Input validation
2022-06-02 14:15:00
github
github
Regular expression denial of service in semver-regex
2022-06-03 00:01:00
CVSS3
5.9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
8
Confidence
High
EPSS
0.001
Percentile
36.8%
Related for CVELIST:CVE-2021-43307