Description
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package when an attacker is able to supply arbitrary input to the test() method.
Remediation
References
https://research.jfrog.com/vulnerabilities/semver-regex-redos-xray-211349/
Related Vulnerabilities
CVE-2022-21164 Vulnerability in npm package node-lmdb
CVE-2019-10746 Vulnerability in maven package org.webjars.npm:mixin-deep
CVE-2023-36665 Vulnerability in maven package org.webjars.npm:github-com-protobufjs-protobuf-js
CVE-2015-6420 Vulnerability in maven package commons-collections:commons-collections
CVE-2022-25842 Vulnerability in maven package com.alibaba.oneagent:one-java-agent-plugin