Description
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package when an attacker is able to supply arbitrary input to the test() method.
Remediation
References
https://research.jfrog.com/vulnerabilities/semver-regex-redos-xray-211349/
Related Vulnerabilities
CVE-2022-3510 Vulnerability in maven package com.google.protobuf:protobuf-javalite
CVE-2022-31160 Vulnerability in maven package org.webjars.bower:jquery-ui
CVE-2022-41401 Vulnerability in maven package org.openrefine:main
CVE-2020-12265 Vulnerability in maven package org.webjars.npm:decompress-tar
CVE-2021-31597 Vulnerability in npm package xmlhttprequest-ssl