vulnerability
Red Hat JBoss EAP: CVE-2022-25883: Inefficient Regular Expression Complexity
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Jun 21, 2023 | Sep 19, 2024 | Jul 9, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
Jun 21, 2023
Added
Sep 19, 2024
Modified
Jul 9, 2025
Description
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.. A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service.
Solution
red-hat-jboss-eap-upgrade-latest
References
- CWE-1333
- CVE-2022-25883
- https://attackerkb.com/topics/CVE-2022-25883
- URL-https://access.redhat.com/security/cve/CVE-2022-25883
- URL-https://bugzilla.redhat.com/show_bug.cgi?id=2216475
- URL-https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
- URL-https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795
- URL-https://access.redhat.com/errata/RHSA-2023:5484
- URL-https://access.redhat.com/errata/RHSA-2023:5485
- URL-https://access.redhat.com/errata/RHSA-2023:5486
- URL-https://access.redhat.com/errata/RHSA-2023:5488
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.