Back to bug 2216475
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Sandipan Roy | 2023-06-26 07:54:56 UTC | Blocks | 2216477 | |
| | | CC | hhorak, jorton, nodejs-maint | |
| Sandipan Roy | 2023-06-26 07:55:10 UTC | Summary | TRIAGE-CVE-2022-25883 nodejs-semver: Regular expression denial of service | CVE-2022-25883 nodejs-semver: Regular expression denial of service |
| | | Alias | TRIAGE-CVE-2022-25883 | CVE-2022-25883 |
| Sandipan Roy | 2023-06-26 07:55:44 UTC | Depends On | 2217402 | |
| Product Security DevOps Team | 2023-06-26 12:04:55 UTC | Resolution | --- | UPSTREAM |
| | | Status | NEW | CLOSED |
| | | Last Closed | 2023-06-26 12:04:55 UTC | |
| TEJ RATHI | 2023-07-12 14:08:14 UTC | CC | aazores, abobrov, adupliak, aileenc, alampare, alazarot, amctagga, aoconnor, asoldano, aveerama, bbaranow, bbuckingham, bcourt, bdettelb, bmaxwell, bniver, boliveir, brian.stansberry, cdewolf, chazlett, cluster-maint, darran.lofthouse, davidn, dcadzow, desktop-qa-list, dhanak, dkenigsb, dkreling, dosoudil, drichtar, dsimansk, dymurray, eaguilar, ebaron, ehelms, elima, ellin, emingora, epacific, erack, eric.wittmann, fdeutsch, fjuma, flucifre, fmuellner, fzatlouk, gjospin, gmalinko, gmeno, gparvin, hbraun, hhorak, ibek, ibolton, idevat, idm-ds-dev-bugs, ivassile, iweiss, janstey, jcammara, jcantril, jhardy, jhorak, jistone, jkang, jkoehler, jkozol, jkurik, jmatthew, jmontleo, jneedle, jobarker, jorton, jpallich, jrokos, jrybar, jscotka, jshaughn, jsherril, jwendell, jweng, klember, kverlaen, lbacciot, lball, lgao, lzap, mabashia, matzew, mbenjamin, mhackett, mhulan, michal.skrivanek, mlisik, mnovotny, mosmerov, mperina, mpitt, mpospisi, msochure, mstefank, msvehla, mwringe, myarboro, nathans, nbecker, nboldt, njean, nmoumoul, nodejs-maint, nwallace, ocs-bugs, omular, orabin, oramraz, osapryki, owatkins, pahickey, pantinor, pcpbot, pcreech, pdelbell, pdrozd, peholase, periklis, pjindal, pmackay, pskopek, rcernich, rchan, release-test-team, rgarg, rguimara, rhuss, rjohnson, rowaters, rstancel, ruby-maint, saroy, sbonazzo, scorneli, scox, sfroberg, sgott, sgratch, shbose, simaishi, sipoyare, skontopo, slucidi, smaestri, smcdonal, smullick, sostapov, sseago, stcannon, sthorger, stransky, teagle, thrcka, tojeline, tom.jenkinson, tpopela, twalsh, ubhargav, vereddy, yguenane, zsadeh, zsvetlik | |
| TEJ RATHI | 2023-07-12 15:35:06 UTC | Status | CLOSED | NEW |
| | | Resolution | UPSTREAM | --- |
| | | Keywords | Reopened | |
| TEJ RATHI | 2023-07-12 16:01:45 UTC | Doc Text | A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. An attacker could exploit this vulnerability by passing untrusted, malicious regex user data as a range, causing the service to excessively consume CPU (depending upon the input size), resulting in a Denial of Service. | |
| TEJ RATHI | 2023-07-12 16:08:12 UTC | Fixed In Version | node-semver 7.5.2, node-semver 6.3.1, node-semver 5.7.2 | |
| TEJ RATHI | 2023-07-12 16:09:38 UTC | Comment | 0 | updated |
| TEJ RATHI | 2023-07-12 16:11:51 UTC | CC | trathi | |
| TEJ RATHI | 2023-07-12 16:12:24 UTC | Comment | 3 | updated |
| Paige Jung | 2023-07-12 17:24:49 UTC | Doc Text | A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. An attacker could exploit this vulnerability by passing untrusted, malicious regex user data as a range, causing the service to excessively consume CPU (depending upon the input size), resulting in a Denial of Service. | A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service. |
| TEJ RATHI | 2023-07-13 04:30:16 UTC | CC | dfreiber, jburrell, rogbas, vkumar | |
| TEJ RATHI | 2023-07-13 04:34:56 UTC | CC | adudiak, kshier, tfister | |
| TEJ RATHI | 2023-07-13 04:39:10 UTC | Depends On | 2222521, 2222524, 2222512, 2222523, 2222507, 2222522, 2222515, 2222511, 2222517, 2222513, 2222514, 2222518, 2222520, 2222525, 2222516, 2222510, 2222508, 2222519, 2222509 | |
| TEJ RATHI | 2023-07-13 04:47:49 UTC | Depends On | 2222528, 2222529, 2222527 | |
| TEJ RATHI | 2023-07-13 04:50:55 UTC | Depends On | 2222530 | |
| TEJ RATHI | 2023-07-13 04:53:12 UTC | Depends On | 2222531, 2222532 | |
| TEJ RATHI | 2023-07-13 04:59:45 UTC | Depends On | 2222535, 2222539, 2222536, 2222540, 2222542, 2222538, 2222534, 2222541, 2222533, 2222537 | |
| TEJ RATHI | 2023-07-13 05:08:44 UTC | Depends On | 2222551, 2222548, 2222549, 2222544, 2222550, 2222553, 2222546, 2222545, 2222547, 2222552 | |
| TEJ RATHI | 2023-07-13 06:12:15 UTC | CC | jistone, sipoyare | |
| TEJ RATHI | 2023-07-13 06:18:37 UTC | Depends On | 2222564, 2222562, 2222563, 2222561 | |
| TEJ RATHI | 2023-07-13 06:21:39 UTC | Depends On | 2222568, 2222567, 2222569, 2222566, 2222565 | |
| Tomas Popela | 2023-07-13 06:54:05 UTC | CC | abobrov, erack, fmuellner, jhorak, klember, stransky, tpopela | |
| Jan Rybar | 2023-07-19 06:45:42 UTC | CC | jrybar | |
| errata-xmlrpc | 2023-08-02 13:49:51 UTC | Link ID | Red Hat Product Errata RHSA-2023:4341 | |
| Product Security DevOps Team | 2023-08-02 18:10:14 UTC | Status | NEW | CLOSED |
| | | Resolution | --- | ERRATA |
| | | Last Closed | 2023-06-26 12:04:55 UTC | 2023-08-02 18:10:14 UTC |
| Vít Ondruch | 2023-08-03 07:26:23 UTC | CC | ruby-maint | |
| RHEL Program Management Team | 2023-08-24 10:41:21 UTC | Depends On | 2234408 | |
| RHEL Program Management Team | 2023-08-24 10:42:39 UTC | Depends On | 2234413 | |
| RHEL Program Management Team | 2023-08-24 13:12:24 UTC | Depends On | 2234449 | |
| RHEL Program Management Team | 2023-08-24 13:12:31 UTC | Depends On | 2234450 |