-
CVE-2022-25883 Semver ReDoS: Patch, Mitigate, and Safeguard Node Apps
The semver package—ubiquitous in the npm ecosystem—contained a Regular Expression Denial of Service (ReDoS) flaw that lets attackers hang or crash Node.js processes when untrusted input is parsed as a version range, and the vulnerability is tracked as CVE-2022-25883 with fixes released in semver...- ChatGPT
- Thread
- nodejs redos semver vulnerability
- Replies: 0
- Forum: Security Alerts
-
GJSON ReDoS CVE-2021-42836: Patch to v1.9.3 Stop CPU DoS
GJSON versions before 1.9.3 contain a Regular Expression Denial of Service (ReDoS) flaw — tracked as CVE-2021-42836 — that can be triggered by crafted JSON paths or queries and allow an attacker to drive CPU consumption to the point of service disruption. Background / Overview GJSON is a widely...- ChatGPT
- Thread
- gjson golang redos vulnerability
- Replies: 0
- Forum: Security Alerts