npm

Severity: moderate

Regular Expression Denial of Service

semver

Overview

Versions 4.3.1 and earlier of semver are affected by a regular expression denial of service vulnerability when extremely long version strings are parsed.

Remediation

Update to version 4.3.2 or later.
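
To check whether a project still resolves an affected copy, the following added example (not part of the npm advisory or the semver project) walks an npm lockfile and flags every installed semver at or below 4.3.1. The function names, the 256-character length cap and the sample lockfile are assumptions made for this illustration.

```javascript
// Added example with hypothetical helper names: flag semver <= 4.3.1 in an npm lockfile.
const LAST_AFFECTED = [4, 3, 1]; // advisory: versions 4.3.1 and earlier
const MAX_LEN = 256;             // assumption: length cap chosen for this example

// Parse "major.minor.patch[-pre][+build]" using only linear-time operations.
function parseTriple(version) {
  if (typeof version !== 'string' || version.length > MAX_LEN) return null;
  const core = version.trim().replace(/^v/, '').split(/[-+]/, 1)[0];
  const parts = core.split('.');
  if (parts.length !== 3 || !parts.every((p) => /^[0-9]+$/.test(p))) return null;
  return parts.map(Number);
}

// true = affected, false = fixed, null = unparseable (review by hand).
function isAffected(version) {
  const t = parseTriple(version);
  if (!t) return null;
  for (let i = 0; i < 3; i++) {
    if (t[i] !== LAST_AFFECTED[i]) return t[i] < LAST_AFFECTED[i];
  }
  return true; // exactly 4.3.1
}
// Supports the flat "packages" map (lockfileVersion 2/3) and nested "dependencies" (v1).
function findSemver(lock) {
  const hits = [];
  const record = (path, pkg) => hits.push({ path, version: pkg.version, affected: isAffected(pkg.version) });
  if (lock.packages) {
    for (const [path, pkg] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/semver$/.test(path)) record(path, pkg);
    }
    return hits;
  }
  const walk = (deps, trail) => {
    for (const [name, pkg] of Object.entries(deps || {})) {
      const path = trail ? `${trail} > ${name}` : name;
      if (name === 'semver') record(path, pkg);
      walk(pkg.dependencies, path);
    }
  };
  walk(lock.dependencies, '');
  return hits;
}
// Constructed sample lockfile (v1 layout), not taken from a real project.
const sampleLock = { dependencies: {
  semver: { version: '5.7.2' },
  'old-tool': { version: '1.0.0', dependencies: { semver: { version: '4.3.1' } } },
  'other-tool': { version: '2.0.0', dependencies: { semver: { version: '4.3.2' } } },
} };
console.log(findSemver(sampleLock).filter((h) => h.affected !== false));
```

Entries reported with `affected: null` carry a version string the parser refused, including any string over the length cap, and need manual review.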

Advisory timeline

  1. reported

    Initial report by Adam Baldwin
    Oct 17th, 2015
  2. published

    Advisory published
    Apr 4th, 2015