The semver package prior to 4.3.2 for Node.js allows malicious users to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
nodejs node.js |
Vulmon