CVE-2021-43307
Regular expression denial of service in semver-regex
EPSS 0.58%
Description
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test() method
How to fix CVE-2021-43307
To remediate CVE-2021-43307, upgrade the affected package to a fixed version below.
- npm/semver-regex—upgrade to 3.1.4 or later
Is CVE-2021-43307 being exploited?
Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 3.1.4