Lookup for vulnerable packages by Package URL.

Purl pkg:npm/semver@6.3.1
Type npm
Namespace
Name semver
Version 6.3.1
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 7.5.2
Latest_non_vulnerable_version 7.5.2
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-hu38-keee-9uaz
vulnerability_id VCID-hu38-keee-9uaz
summary
semver vulnerable to Regular Expression Denial of Service
Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
references
0
reference_url https://github.com/npm/node-semver
reference_id
reference_type
scores
url https://github.com/npm/node-semver
1
reference_url https://github.com/npm/node-semver/blob/main/classes/range.js%23L97-L104
reference_id
reference_type
scores
url https://github.com/npm/node-semver/blob/main/classes/range.js%23L97-L104
2
reference_url https://github.com/npm/node-semver/blob/main/classes/range.js#L97-L104
reference_id
reference_type
scores
url https://github.com/npm/node-semver/blob/main/classes/range.js#L97-L104
3
reference_url https://github.com/npm/node-semver/blob/main/internal/re.js%23L138
reference_id
reference_type
scores
url https://github.com/npm/node-semver/blob/main/internal/re.js%23L138
4
reference_url https://github.com/npm/node-semver/blob/main/internal/re.js%23L160
reference_id
reference_type
scores
url https://github.com/npm/node-semver/blob/main/internal/re.js%23L160
5
reference_url https://github.com/npm/node-semver/blob/main/internal/re.js#L138
reference_id
reference_type
scores
url https://github.com/npm/node-semver/blob/main/internal/re.js#L138
6
reference_url https://github.com/npm/node-semver/blob/main/internal/re.js#L160
reference_id
reference_type
scores
url https://github.com/npm/node-semver/blob/main/internal/re.js#L160
7
reference_url https://github.com/npm/node-semver/commit/2f8fd41487acf380194579ecb6f8b1bbfe116be0
reference_id
reference_type
scores
url https://github.com/npm/node-semver/commit/2f8fd41487acf380194579ecb6f8b1bbfe116be0
8
reference_url https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441
reference_id
reference_type
scores
url https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441
9
reference_url https://github.com/npm/node-semver/commit/928e56d21150da0413a3333a3148b20e741a920c
reference_id
reference_type
scores
url https://github.com/npm/node-semver/commit/928e56d21150da0413a3333a3148b20e741a920c
10
reference_url https://github.com/npm/node-semver/pull/564
reference_id
reference_type
scores
url https://github.com/npm/node-semver/pull/564
11
reference_url https://github.com/npm/node-semver/pull/585
reference_id
reference_type
scores
url https://github.com/npm/node-semver/pull/585
12
reference_url https://github.com/npm/node-semver/pull/593
reference_id
reference_type
scores
url https://github.com/npm/node-semver/pull/593
13
reference_url https://security.netapp.com/advisory/ntap-20241025-0004
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20241025-0004
14
reference_url https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795
reference_id
reference_type
scores
url https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25883
reference_id CVE-2022-25883
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-25883
16
reference_url https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
reference_id GHSA-c2qf-rxjj-qqgw
reference_type
scores
url https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fixed_packages
0
url pkg:npm/semver@5.7.2
purl pkg:npm/semver@5.7.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semver@5.7.2
1
url pkg:npm/semver@6.3.1
purl pkg:npm/semver@6.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semver@6.3.1
2
url pkg:npm/semver@7.5.2
purl pkg:npm/semver@7.5.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semver@7.5.2
aliases CVE-2022-25883, GHSA-c2qf-rxjj-qqgw
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hu38-keee-9uaz
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/semver@6.3.1