NodeJS/semver/4.3.2
The semantic version parser used by npm.
https://www.npmjs.com/package/semver
BSD
1 Security Vulnerabilities
semver vulnerable to Regular Expression Denial of Service
Published date: 2023-06-21T06:30:28Z
CVE: CVE-2022-25883
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2022-25883
- https://github.com/npm/node-semver/pull/564
- https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441
- https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795
- https://github.com/npm/node-semver/blob/main/classes/range.js#L97-L104
- https://github.com/npm/node-semver/blob/main/internal/re.js#L138
- https://github.com/npm/node-semver/blob/main/internal/re.js#L160
- https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
- https://github.com/npm/node-semver/pull/585
- https://github.com/npm/node-semver/commit/928e56d21150da0413a3333a3148b20e741a920c
- https://github.com/npm/node-semver/pull/593
- https://github.com/npm/node-semver/commit/2f8fd41487acf380194579ecb6f8b1bbfe116be0
- https://github.com/npm/node-semver/blob/main/classes/range.js%23L97-L104
- https://github.com/npm/node-semver/blob/main/internal/re.js%23L138
- https://github.com/npm/node-semver/blob/main/internal/re.js%23L160
- https://security.netapp.com/advisory/ntap-20241025-0004
Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
Affected versions:
["7.0.0", "7.1.1", "7.2.0", "7.2.2", "7.3.0", "7.3.1", "7.3.2", "7.1.0", "7.1.2", "7.1.3", "7.2.1", "7.2.3", "7.3.3", "7.3.4", "7.3.5", "7.3.6", "7.3.7", "7.3.8", "7.4.0", "7.5.0", "7.5.1", "1.0.0", "1.0.1", "1.0.3", "1.0.4", "1.0.6", "1.0.8", "1.0.10", "1.0.11", "1.0.12", "1.0.13", "1.1.0", "1.1.2", "1.1.4", "2.0.0-alpha", "2.0.0-beta", "2.0.1", "2.0.2", "2.0.4", "2.0.5", "2.0.7", "2.0.10", "2.0.11", "2.1.0", "2.2.1", "2.3.0", "2.3.2", "3.0.0", "3.0.1", "4.0.0", "4.0.2", "4.2.0", "4.3.0", "4.3.1", "4.3.2", "4.3.3", "4.3.4", "4.3.6", "5.0.1", "5.0.2", "5.2.0", "5.3.0", "5.5.1", "5.6.0", "5.7.1", "1.0.2", "1.0.5", "1.0.7", "1.0.9", "1.0.14", "1.1.1", "1.1.3", "2.0.3", "2.0.6", "2.0.8", "2.0.9", "2.2.0", "2.3.1", "4.0.3", "4.1.0", "4.1.1", "4.2.1", "4.2.2", "4.3.5", "5.0.0", "5.0.3", "5.1.0", "5.1.1", "5.4.0", "5.4.1", "5.5.0", "5.7.0", "6.0.0", "6.1.0", "6.1.2", "6.1.3", "6.2.0", "6.3.0", "6.1.1"]
Secure versions:
[5.7.2, 6.3.1, 7.5.2, 7.5.3, 7.5.4, 7.6.0, 7.6.1, 7.6.2, 7.6.3, 7.7.0, 7.7.1, 7.7.2]
Recommendation:
Update to version 7.7.2.
111 Other Versions
| Version | License | Security | Released | |
|---|---|---|---|---|
| 7.7.2 | ISC | 2025-05-12 - 17:02 | about 2 months | |
| 7.7.1 | ISC | 2025-02-03 - 21:46 | 5 months | |
| 7.7.0 | ISC | 2025-01-29 - 17:14 | 5 months | |
| 7.6.3 | ISC | 2024-07-16 - 22:27 | 12 months | |
| 7.6.2 | ISC | 2024-05-09 - 16:02 | about 1 year | |
| 7.6.1 | ISC | 2024-05-07 - 16:02 | about 1 year | |
| 7.6.0 | ISC | 2024-02-05 - 17:06 | over 1 year | |
| 7.5.4 | ISC | 2023-07-07 - 21:10 | almost 2 years | |
| 7.5.3 | ISC | 2023-06-22 - 21:53 | about 2 years | |
| 7.5.2 | ISC | 2023-06-15 - 20:26 | about 2 years | |
| 7.5.1 | ISC | 1 | 2023-05-12 - 16:39 | about 2 years |
| 7.5.0 | ISC | 1 | 2023-04-17 - 17:22 | about 2 years |
| 7.4.0 | ISC | 1 | 2023-04-10 - 21:57 | about 2 years |
| 7.3.8 | ISC | 1 | 2022-10-04 - 19:40 | over 2 years |
| 7.3.7 | ISC | 1 | 2022-04-12 - 17:26 | about 3 years |
| 7.3.6 | ISC | 1 | 2022-04-06 - 16:35 | about 3 years |
| 7.3.5 | ISC | 1 | 2021-03-23 - 01:37 | over 4 years |
| 7.3.4 | ISC | 1 | 2020-12-01 - 20:15 | over 4 years |
| 7.3.3 | ISC | 1 | 2020-12-01 - 19:30 | over 4 years |
| 7.3.2 | ISC | 1 | 2020-04-14 - 17:43 | about 5 years |
| 7.3.1 | ISC | 1 | 2020-04-14 - 16:56 | about 5 years |
| 7.3.0 | ISC | 1 | 2020-04-14 - 01:08 | about 5 years |
| 7.2.3 | ISC | 1 | 2020-04-13 - 18:31 | about 5 years |
| 7.2.2 | ISC | 1 | 2020-04-10 - 16:01 | about 5 years |
| 7.2.1 | ISC | 1 | 2020-04-06 - 23:37 | about 5 years |
| 7.2.0 | ISC | 1 | 2020-04-06 - 23:36 | about 5 years |
| 7.1.3 | ISC | 1 | 2020-02-11 - 21:54 | over 5 years |
| 7.1.2 | ISC | 1 | 2020-01-31 - 01:29 | over 5 years |
| 7.1.1 | ISC | 1 | 2019-12-17 - 16:56 | over 5 years |
| 7.1.0 | ISC | 1 | 2019-12-17 - 01:28 | over 5 years |
| 7.0.0 | ISC | 1 | 2019-12-14 - 19:36 | over 5 years |
| 6.3.1 | ISC | 2023-07-10 - 22:38 | almost 2 years | |
| 6.3.0 | ISC | 1 | 2019-07-23 - 19:25 | almost 6 years |
| 6.2.0 | ISC | 1 | 2019-07-01 - 23:03 | about 6 years |
| 6.1.3 | ISC | 1 | 2019-07-01 - 05:51 | about 6 years |
| 6.1.2 | ISC | 1 | 2019-06-24 - 01:48 | about 6 years |
| 6.1.1 | ISC | 1 | 2019-05-28 - 17:15 | about 6 years |
| 6.1.0 | ISC | 1 | 2019-05-22 - 21:12 | about 6 years |
| 6.0.0 | ISC | 1 | 2019-03-26 - 23:30 | over 6 years |
| 5.7.2 | ISC | 2023-07-10 - 19:57 | almost 2 years | |
| 5.7.1 | ISC | 1 | 2019-08-12 - 16:28 | almost 6 years |
| 5.7.0 | ISC | 1 | 2019-03-26 - 23:25 | over 6 years |
| 5.6.0 | ISC | 1 | 2018-10-10 - 23:52 | over 6 years |
| 5.5.1 | ISC | 1 | 2018-08-17 - 20:35 | almost 7 years |
| 5.5.0 | ISC | 1 | 2018-01-16 - 19:27 | over 7 years |
| 5.4.1 | ISC | 1 | 2017-07-24 - 18:48 | almost 8 years |
| 5.4.0 | ISC | 1 | 2017-07-24 - 16:39 | almost 8 years |
| 5.3.0 | ISC | 1 | 2016-07-14 - 16:52 | almost 9 years |
| 5.2.0 | ISC | 1 | 2016-06-28 - 18:00 | about 9 years |
| 5.1.1 | ISC | 1 | 2016-06-23 - 18:00 | about 9 years |