Description
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test() method
Remediation
References
https://research.jfrog.com/vulnerabilities/semver-regex-redos-xray-211349/
Related Vulnerabilities
CVE-2018-20190 Vulnerability in maven package org.webjars.npm:node-sass
CVE-2023-0842 Vulnerability in maven package org.webjars.npm:xml2js
CVE-2020-11079 Vulnerability in npm package dns-sync
CVE-2017-3203 Vulnerability in maven package org.springframework.flex:spring-flex-core
CVE-2022-29647 Vulnerability in maven package net.mingsoft:ms-mcms