Description
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test() method
Remediation
References
https://research.jfrog.com/vulnerabilities/semver-regex-redos-xray-211349/
Related Vulnerabilities
CVE-2017-16217 Vulnerability in npm package fbr-client
CVE-2023-26105 Vulnerability in npm package utilities
CVE-2021-42697 Vulnerability in maven package com.typesafe.akka:akka-http-core_2.13
CVE-2023-35088 Vulnerability in maven package org.apache.inlong:manager-service
CVE-2021-44550 Vulnerability in maven package edu.stanford.nlp:stanford-corenlp