/
DirectorySecurity Advisories
Sign In
Security Advisories

CGA-8fm8-5xq4-cc7g

Published

Last updated

https://images.chainguard.dev/security/CGA-8fm8-5xq4-cc7g
Package

vitess-18.0

Repository

Chainguard

Latest Update
Pending upstream fix
Aliases
  • CVE-2022-25883
  • GHSA-c2qf-rxjj-qqgw

Severity

Unknown

Summary

semver vulnerable to Regular Expression Denial of Service

Description

Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

References

Updates


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Products

Chainguard ContainersChainguard LibrariesChainguard VMs