CGA-8fm8-5xq4-cc7g

Published

Last updated

https://images.chainguard.dev/security/CGA-8fm8-5xq4-cc7g

Package

vitess-18.0

Repository

Chainguard

Latest Update

Pending upstream fix

Aliases

CVE-2022-25883
GHSA-c2qf-rxjj-qqgw

Severity

Unknown

Summary

semver vulnerable to Regular Expression Denial of Service

Description

Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-25883
https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
https://github.com/npm/node-semver/pull/564
https://github.com/npm/node-semver/pull/585
https://github.com/npm/node-semver/pull/593
https://github.com/npm/node-semver/commit/2f8fd41487acf380194579ecb6f8b1bbfe116be0
https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441
https://github.com/npm/node-semver/commit/928e56d21150da0413a3333a3148b20e741a920c
https://github.com/npm/node-semver
https://github.com/npm/node-semver/blob/main/classes/range.js#L97-L104
https://github.com/npm/node-semver/blob/main/classes/range.js%23L97-L104
https://github.com/npm/node-semver/blob/main/internal/re.js#L138
https://github.com/npm/node-semver/blob/main/internal/re.js#L160
https://github.com/npm/node-semver/blob/main/internal/re.js%23L138
https://github.com/npm/node-semver/blob/main/internal/re.js%23L160
https://security.netapp.com/advisory/ntap-20241025-0004
https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CGA-8fm8-5xq4-cc7g

Severity

Summary

Description

References

Updates

Products

Why Chainguard

Customers

Company

Resources