{"url":"http://public2.vulnerablecode.io/api/packages/65678?format=json","purl":"pkg:npm/semver@7.5.2","type":"npm","namespace":"","name":"semver","version":"7.5.2","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45463?format=json","vulnerability_id":"VCID-hu38-keee-9uaz","summary":"semver vulnerable to Regular Expression Denial of Service\nVersions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.","references":[{"reference_url":"https://github.com/npm/node-semver","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/npm/node-semver"},{"reference_url":"https://github.com/npm/node-semver/blob/main/classes/range.js%23L97-L104","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/npm/node-semver/blob/main/classes/range.js%23L97-L104"},{"reference_url":"https://github.com/npm/node-semver/blob/main/classes/range.js#L97-L104","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/npm/node-semver/blob/main/classes/range.js#L97-L104"},{"reference_url":"https://github.com/npm/node-semver/blob/main/internal/re.js%23L138","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/npm/node-semver/blob/main/internal/re.js%23L138"},{"reference_url":"https://github.com/npm/node-semver/blob/main/internal/re.js%23L160","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/npm/node-semver/blob/main/internal/re.js%23L160"},{"reference_url":"https://github.com/npm/node-semver/blob/main/internal/re.js#L138","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/npm/node-semver/blob/main/internal/re.js#L138"},{"reference_url":"https://github.com/npm/node-semver/blob/main/internal/re.js#L160","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/npm/node-semver/blob/main/internal/re.js#L160"},{"reference_url":"https://github.com/npm/node-semver/commit/2f8fd41487acf380194579ecb6f8b1bbfe116be0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/npm/node-semver/commit/2f8fd41487acf380194579ecb6f8b1bbfe116be0"},{"reference_url":"https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441"},{"reference_url":"https://github.com/npm/node-semver/commit/928e56d21150da0413a3333a3148b20e741a920c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/npm/node-semver/commit/928e56d21150da0413a3333a3148b20e741a920c"},{"reference_url":"https://github.com/npm/node-semver/pull/564","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/npm/node-semver/pull/564"},{"reference_url":"https://github.com/npm/node-semver/pull/585","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/npm/node-semver/pull/585"},{"reference_url":"https://github.com/npm/node-semver/pull/593","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/npm/node-semver/pull/593"},{"reference_url":"https://security.netapp.com/advisory/ntap-20241025-0004","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20241025-0004"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795","reference_id":"","reference_type":"","scores":[],"url":"https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25883","reference_id":"CVE-2022-25883","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25883"},{"reference_url":"https://github.com/advisories/GHSA-c2qf-rxjj-qqgw","reference_id":"GHSA-c2qf-rxjj-qqgw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-c2qf-rxjj-qqgw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65680?format=json","purl":"pkg:npm/semver@5.7.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/semver@5.7.2"},{"url":"http://public2.vulnerablecode.io/api/packages/65679?format=json","purl":"pkg:npm/semver@6.3.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/semver@6.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/65678?format=json","purl":"pkg:npm/semver@7.5.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/semver@7.5.2"}],"aliases":["CVE-2022-25883","GHSA-c2qf-rxjj-qqgw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hu38-keee-9uaz"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/semver@7.5.2"}