{"id":"CVE-2021-43307","details":"An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package when an attacker is able to supply arbitrary input to the test() method.","aliases":["GHSA-4x5v-gmq8-25ch"],"modified":"2026-04-10T04:39:59.310509Z","published":"2022-06-02T14:15:30.987Z","related":["CGA-qv2c-6rqg-4j2q"],"references":[{"type":"EVIDENCE","url":"https://research.jfrog.com/vulnerabilities/semver-regex-redos-xray-211349/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/sindresorhus/semver-regex","events":[{"introduced":"0"},{"fixed":"906cf402ca0509a17343c02527bcf3cc42194973"},{"introduced":"80cd2f24ea12f55e69b179b633e9c3a133221819"},{"fixed":"65fc4a43703fd1432fa10c6a1c60568dbe9b5032"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.1.4"},{"introduced":"4.0.0"},{"fixed":"4.0.3"}]}}],"versions":["v0.1.0","v0.1.1","v1.0.0","v2.0.0","v3.0.0","v3.1.0","v3.1.1","v3.1.2","v4.0.0","v4.0.1","v4.0.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-43307.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}