First published: Wed Jun 21 2023
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the node-semver package via the `new Range` function. An attacker who can pass untrusted data to it as a range can cause the service to consume excessive CPU, depending on the input size, resulting in a denial of service.
Credit: report@snyk.io
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/nodejs | <18-9020020230825081254.rhel9 | 18-9020020230825081254.rhel9 |
redhat/eap7-activemq-artemis | <0:2.16.0-15.redhat_00049.1.el8ea | 0:2.16.0-15.redhat_00049.1.el8ea |
redhat/eap7-bouncycastle | <0:1.76.0-4.redhat_00001.1.el8ea | 0:1.76.0-4.redhat_00001.1.el8ea |
redhat/eap7-hal-console | <0:3.3.19-1.Final_redhat_00001.1.el8ea | 0:3.3.19-1.Final_redhat_00001.1.el8ea |
redhat/eap7-hibernate | <0:5.3.31-1.Final_redhat_00001.1.el8ea | 0:5.3.31-1.Final_redhat_00001.1.el8ea |
redhat/eap7-ironjacamar | <0:1.5.15-1.Final_redhat_00001.1.el8ea | 0:1.5.15-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jboss-marshalling | <0:2.0.13-2.SP1_redhat_00001.1.el8ea | 0:2.0.13-2.SP1_redhat_00001.1.el8ea |
redhat/eap7-jboss-modules | <0:1.12.2-1.Final_redhat_00001.1.el8ea | 0:1.12.2-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jboss-server-migration | <0:1.10.0-31.Final_redhat_00030.1.el8ea | 0:1.10.0-31.Final_redhat_00030.1.el8ea |
redhat/eap7-jboss-xnio-base | <0:3.8.10-1.Final_redhat_00001.1.el8ea | 0:3.8.10-1.Final_redhat_00001.1.el8ea |
redhat/eap7-netty | <0:4.1.94-1.Final_redhat_00001.1.el8ea | 0:4.1.94-1.Final_redhat_00001.1.el8ea |
redhat/eap7-netty-transport-native-epoll | <0:4.1.94-1.Final_redhat_00001.1.el8ea | 0:4.1.94-1.Final_redhat_00001.1.el8ea |
redhat/eap7-resteasy | <0:3.15.8-1.Final_redhat_00001.1.el8ea | 0:3.15.8-1.Final_redhat_00001.1.el8ea |
redhat/eap7-undertow | <0:2.2.26-1.SP1_redhat_00001.1.el8ea | 0:2.2.26-1.SP1_redhat_00001.1.el8ea |
redhat/eap7-wildfly | <0:7.4.13-8.GA_redhat_00001.1.el8ea | 0:7.4.13-8.GA_redhat_00001.1.el8ea |
redhat/eap7-wildfly-elytron | <0:1.15.20-1.Final_redhat_00001.1.el8ea | 0:1.15.20-1.Final_redhat_00001.1.el8ea |
redhat/eap7-activemq-artemis | <0:2.16.0-15.redhat_00049.1.el9ea | 0:2.16.0-15.redhat_00049.1.el9ea |
redhat/eap7-bouncycastle | <0:1.76.0-4.redhat_00001.1.el9ea | 0:1.76.0-4.redhat_00001.1.el9ea |
redhat/eap7-hal-console | <0:3.3.19-1.Final_redhat_00001.1.el9ea | 0:3.3.19-1.Final_redhat_00001.1.el9ea |
redhat/eap7-hibernate | <0:5.3.31-1.Final_redhat_00001.1.el9ea | 0:5.3.31-1.Final_redhat_00001.1.el9ea |
redhat/eap7-ironjacamar | <0:1.5.15-1.Final_redhat_00001.1.el9ea | 0:1.5.15-1.Final_redhat_00001.1.el9ea |
redhat/eap7-jboss-marshalling | <0:2.0.13-2.SP1_redhat_00001.1.el9ea | 0:2.0.13-2.SP1_redhat_00001.1.el9ea |
redhat/eap7-jboss-modules | <0:1.12.2-1.Final_redhat_00001.1.el9ea | 0:1.12.2-1.Final_redhat_00001.1.el9ea |
redhat/eap7-jboss-server-migration | <0:1.10.0-31.Final_redhat_00030.1.el9ea | 0:1.10.0-31.Final_redhat_00030.1.el9ea |
redhat/eap7-jboss-xnio-base | <0:3.8.10-1.Final_redhat_00001.1.el9ea | 0:3.8.10-1.Final_redhat_00001.1.el9ea |
redhat/eap7-netty | <0:4.1.94-1.Final_redhat_00001.1.el9ea | 0:4.1.94-1.Final_redhat_00001.1.el9ea |
redhat/eap7-netty-transport-native-epoll | <0:4.1.94-1.Final_redhat_00001.1.el9ea | 0:4.1.94-1.Final_redhat_00001.1.el9ea |
redhat/eap7-resteasy | <0:3.15.8-1.Final_redhat_00001.1.el9ea | 0:3.15.8-1.Final_redhat_00001.1.el9ea |
redhat/eap7-undertow | <0:2.2.26-1.SP1_redhat_00001.1.el9ea | 0:2.2.26-1.SP1_redhat_00001.1.el9ea |
redhat/eap7-wildfly | <0:7.4.13-8.GA_redhat_00001.1.el9ea | 0:7.4.13-8.GA_redhat_00001.1.el9ea |
redhat/eap7-wildfly-elytron | <0:1.15.20-1.Final_redhat_00001.1.el9ea | 0:1.15.20-1.Final_redhat_00001.1.el9ea |
redhat/eap7-activemq-artemis | <0:2.16.0-15.redhat_00049.1.el7ea | 0:2.16.0-15.redhat_00049.1.el7ea |
redhat/eap7-bouncycastle | <0:1.76.0-4.redhat_00001.1.el7ea | 0:1.76.0-4.redhat_00001.1.el7ea |
redhat/eap7-hal-console | <0:3.3.19-1.Final_redhat_00001.1.el7ea | 0:3.3.19-1.Final_redhat_00001.1.el7ea |
redhat/eap7-hibernate | <0:5.3.31-1.Final_redhat_00001.1.el7ea | 0:5.3.31-1.Final_redhat_00001.1.el7ea |
redhat/eap7-ironjacamar | <0:1.5.15-1.Final_redhat_00001.1.el7ea | 0:1.5.15-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jboss-marshalling | <0:2.0.13-2.SP1_redhat_00001.1.el7ea | 0:2.0.13-2.SP1_redhat_00001.1.el7ea |
redhat/eap7-jboss-modules | <0:1.12.2-1.Final_redhat_00001.1.el7ea | 0:1.12.2-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jboss-server-migration | <0:1.10.0-31.Final_redhat_00030.1.el7ea | 0:1.10.0-31.Final_redhat_00030.1.el7ea |
redhat/eap7-jboss-xnio-base | <0:3.8.10-1.Final_redhat_00001.1.el7ea | 0:3.8.10-1.Final_redhat_00001.1.el7ea |
redhat/eap7-netty | <0:4.1.94-1.Final_redhat_00001.1.el7ea | 0:4.1.94-1.Final_redhat_00001.1.el7ea |
redhat/eap7-netty-transport-native-epoll | <0:4.1.94-1.Final_redhat_00001.1.el7ea | 0:4.1.94-1.Final_redhat_00001.1.el7ea |
redhat/eap7-resteasy | <0:3.15.8-1.Final_redhat_00001.1.el7ea | 0:3.15.8-1.Final_redhat_00001.1.el7ea |
redhat/eap7-undertow | <0:2.2.26-1.SP1_redhat_00001.1.el7ea | 0:2.2.26-1.SP1_redhat_00001.1.el7ea |
redhat/eap7-wildfly | <0:7.4.13-8.GA_redhat_00001.1.el7ea | 0:7.4.13-8.GA_redhat_00001.1.el7ea |
redhat/eap7-wildfly-elytron | <0:1.15.20-1.Final_redhat_00001.1.el7ea | 0:1.15.20-1.Final_redhat_00001.1.el7ea |
npm/semver | >=7.0.0 <7.5.2 | 7.5.2 |
npm/semver | <5.7.2 | 5.7.2 |
npm/semver | >=6.0.0 <6.3.1 | 6.3.1 |
redhat/node-semver | <7.5.2 | 7.5.2 |
redhat/node-semver | <6.3.1 | 6.3.1 |
redhat/node-semver | <5.7.2 | 5.7.2 |
Npmjs Semver | <5.7.2 | |
Npmjs Semver | >=6.0.0 <6.3.1 | |
Npmjs Semver | >=7.0.0 <7.5.2 | |
IBM Cloud Pak for Business Automation | <=V23.0.1 - V23.0.1-IF002 | |
IBM Cloud Pak for Business Automation | <=V21.0.3 - V21.0.3-IF024 | |
IBM Cloud Pak for Business Automation | <=V22.0.2 - V22.0.2-IF006 and later fixes; V22.0.1 - V22.0.1-IF006 and later fixes; V21.0.2 - V21.0.2-IF012 and later fixes; V21.0.1 - V21.0.1-IF007 and later fixes; V20.0.1 - V20.0.3 and later fixes; V19.0.1 - V19.0.3 and later fixes; V18.0.0 - V18.0.2 and later fixes | |
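
For triage against the npm/semver rows of the table, the following added example (not from the advisory or the node-semver project) scans the `packages` map of a package-lock.json for installed semver copies that fall in the affected ranges. The lockfile contents and the names `pkg-a`, `pkg-b`, `pkg-c` and `@demo` are constructed, and the version comparison is a simplified hand-written one that treats a prerelease of a fixed version as still affected.

```javascript
// Added example. Each entry is [first affected (inclusive), fixed (exclusive)],
// copied from the npm/semver rows of the table above.
const AFFECTED = [['0.0.0', '5.7.2'], ['6.0.0', '6.3.1'], ['7.0.0', '7.5.2']];

// Parse MAJOR.MINOR.PATCH; remember whether a prerelease tag was present.
function parse(version) {
  const core = version.split('+')[0];
  const [nums, ...pre] = core.split('-');
  const parts = nums.split('.');
  if (parts.length !== 3 || parts.some((p) => !/^\d+$/.test(p))) return null;
  return { n: parts.map(Number), pre: pre.length > 0 };
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Returns the fixed version to move to, 'unknown' if unparseable, null if not affected.
function fixFor(version) {
  const v = parse(version);
  if (!v) return 'unknown';
  for (const [from, fixed] of AFFECTED) {
    const lo = cmp(v.n, parse(from).n);
    const hi = cmp(v.n, parse(fixed).n);
    // A prerelease of the fixed version sorts below it, so treat it as affected.
    if (lo >= 0 && (hi < 0 || (hi === 0 && v.pre))) return fixed;
  }
  return null;
}

// Walk the "packages" map of a package-lock.json (lockfileVersion 2 or 3).
function auditLock(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Match top-level and nested copies of semver, but not scoped look-alikes.
    if (!('/' + path).endsWith('/node_modules/semver')) continue;
    const fixed = fixFor(String(meta.version));
    if (fixed) findings.push({ path, version: meta.version, fixed });
  }
  return findings;
}

// Constructed sample lockfile; pkg-a/b/c and @demo are hypothetical names.
const SAMPLE_LOCK = { packages: {
  'node_modules/semver': { version: '7.5.4' },
  'node_modules/pkg-a/node_modules/semver': { version: '6.3.0' },
  'node_modules/pkg-b/node_modules/semver': { version: '5.7.1' },
  'node_modules/pkg-c/node_modules/semver': { version: '7.5.2-rc.1' },
  'node_modules/@demo/semver': { version: '7.0.0' },
} };
console.log(auditLock(SAMPLE_LOCK));
```

Nested copies matter here: a project can pin a fixed top-level semver while a dependency still carries an affected one under its own `node_modules`.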