6.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
37.0%
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test() method
research.jfrog.com/vulnerabilities/semver-regex-redos-xray-211349/