CVE-2022-25883 – nodejs-semver: Regular expression denial of service

https://notcve.org/view.php?id=CVE-2022-25883

21 Jun 2023 — Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range. A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of servi... • https://github.com/npm/node-semver/blob/main/classes/range.js%23L97-L104 • CWE-1333: Inefficient Regular Expression Complexity •