Severity: moderate

Regular Expression Denial of Service

semver

Overview

Versions 4.3.1 and earlier of semver are affected by a regular expression denial of service vulnerability when extremely long version strings are parsed.

Remediation

Update to version 4.3.2 or later.
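To find installs that still need this update, the following added example (not part of the advisory or of semver itself) walks an npm lockfile-style dependency tree and flags every semver entry at 4.3.1 or earlier. The nested `dependencies` layout, the 64-character length cap, the function names and the sample data are assumptions made for the example.

```javascript
// Added example: flag semver installs at or below 4.3.1 in a lockfile-style tree.
const FIXED = [4, 3, 2]; // first fixed release, per the advisory
const MAX_LEN = 64; // assumed length cap for version strings in this audit

// Parse MAJOR.MINOR.PATCH; the length is checked before any matching is done.
// Pre-release and build suffixes ("-beta", "+build") are ignored.
function parseCore(version) {
  if (typeof version !== 'string' || version.length > MAX_LEN) return null;
  const core = version.split(/[-+]/, 1)[0].split('.');
  if (core.length !== 3) return null;
  const nums = core.map((p) => (/^\d+$/.test(p) ? Number(p) : NaN));
  return nums.some(Number.isNaN) ? null : nums;
}

// true = affected, false = fixed, null = could not be parsed (review by hand).
function isAffected(version) {
  const v = parseCore(version);
  if (v === null) return null;
  for (let i = 0; i < 3; i++) {
    if (v[i] !== FIXED[i]) return v[i] < FIXED[i];
  }
  return false;
}

// Walk nested "dependencies" objects and collect every semver entry with its path.
function findSemver(node, path = []) {
  const hits = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const here = path.concat(name);
    if (name === 'semver') {
      hits.push({ path: here.join(' > '), version: dep.version, affected: isAffected(dep.version) });
    }
    hits.push(...findSemver(dep, here));
  }
  return hits;
}

// Constructed sample data, not taken from any real project.
const sampleLock = {
  dependencies: {
    semver: { version: '5.7.1' },
    'build-tool': { version: '1.0.0', dependencies: { semver: { version: '4.3.1' } } },
    'old-cli': { version: '0.9.0', dependencies: { semver: { version: '2.0.11' } } },
    'odd-pkg': { version: '1.2.3', dependencies: { semver: { version: 'file:../semver-fork' } } },
  },
};

const report = findSemver(sampleLock);
console.log(report.filter((r) => r.affected !== false)); // affected or needs review
```

Entries reported with `affected: null` are not version numbers the script can compare and should be checked by hand.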

Advisory timeline

  1. Reported: Oct 17th, 2015
  2. Published: Apr 4th, 2015 (advisory published)