Description
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test() method
Remediation
References
https://research.jfrog.com/vulnerabilities/semver-regex-redos-xray-211349/
Related Vulnerabilities
CVE-2021-26539 Vulnerability in npm package sanitize-html
CVE-2020-28441 Vulnerability in npm package conf-cfg-ini
CVE-2020-7709 Vulnerability in npm package json-pointer
CVE-2023-36542 Vulnerability in maven package org.apache.nifi:nifi-hadoop-dbcp-service
CVE-2013-5679 Vulnerability in maven package org.owasp.esapi:esapi