Regular Expression Denial of Servicesemver
Versions 4.3.1 and earlier of
semver are affected by a regular expression denial of service vulnerability when extremely long version strings are parsed.
Update to version 4.3.2 or later
Have content suggestions? Send them to [email protected]
publishedAdvisory publishedApr 4th, 2015
reportedInitial report by Adam BaldwinOct 17th, 2015