We are doing our best to keep our direct dependencies up to date. Otherwise, there is not much we can do for nested dependencies. If you care enough, go ahead and contribute upstream.
Hi Team,
Using version 17.1.0 of eslint-config-standard, which is using semver version 6.3.0.
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
CWE-1333 Inefficient Regular Expression Complexity
CVSSv3:
Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
OSSINDEX - [CVE-2022-25883] CWE-1333
OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25883
OSSIndex - npm/node-semver#564
OSSIndex - https://vuldb.com/?id.232060
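One way to find the nested copies the report is about, as an added example that is not part of the original issue or of the project's code: it walks the `packages` map of an npm lockfile (lockfileVersion 2 or 3) and lists every installed `semver` older than the 7.5.2 threshold quoted in the report. The lockfile contents, package names other than `semver`, and the function names are constructed for illustration.

```javascript
// Added example: list installed copies of semver older than a threshold,
// including copies nested under other packages' node_modules directories.

// Parse "major.minor.patch"; prerelease/build suffixes are ignored.
// The pattern is anchored and has no nested quantifiers, so it runs in linear time.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1, 4).map(Number) : null;
}

// True when `version` sorts strictly below `threshold`.
// Unparseable versions are reported (fail closed) so they get a manual look.
function isBefore(version, threshold) {
  const a = parseVersion(version);
  const b = parseVersion(threshold);
  if (!a || !b) return true;
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false; // equal versions are not "before"
}

// `lock` is a parsed package-lock.json; the threshold defaults to the
// "before 7.5.2" boundary stated in the report above.
function findOldSemver(lock, threshold = "7.5.2") {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // The package name is whatever follows the last "node_modules/".
    const name = path.split("node_modules/").pop();
    if (name !== "semver" || !meta.version) continue;
    if (isBefore(meta.version, threshold)) {
      findings.push({ path, version: meta.version });
    }
  }
  return findings;
}

// Constructed sample lockfile (not taken from any real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/semver": { version: "6.3.0" },
    "node_modules/example-tool/node_modules/semver": { version: "7.5.2" },
    "node_modules/other-tool/node_modules/semver": { version: "7.3.8" },
    "node_modules/not-semver": { version: "1.0.0" },
  },
};

console.log(findOldSemver(sampleLock));
```

In a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` instead of the sample object; each reported path names the parent package whose dependency range pulls in the old copy.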