Semver Package Denial of Service Vulnerability

CVE-2015-8855 · HIGH Severity

AV:N/AC:L/AU:N/C:N/I:N/A:C

The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."

Learn more about our Web Application Penetration Testing UK.