WhisperX tag archive

#CVE-2022-25883

This page collects WhisperX intelligence signals tagged #CVE-2022-25883. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.

Latest Signals (4)

The Lab · 2026-03-29 05:27:01 · GitHub Issues

1. CVE-2022-25883: ReDoS Vulnerability in Legacy `semver` Package Puts `pg` and `pg-promise` Dependencies at Risk

A medium-severity Regular Expression Denial of Service (ReDoS) vulnerability, tracked as CVE-2022-25883, has been detected in a legacy version of the `semver` package, a core semantic versioning parser used by npm. The flaw, present in versions before 7.5.2, resides in the `new Range()` function and can be triggered wh...

The Lab · 2026-03-31 06:27:11 · GitHub Issues

2. CVE-2022-25883: ReDoS Vulnerability in Legacy `semver` Parser Threatens Node.js Supply Chain

A medium-severity vulnerability, CVE-2022-25883, has been detected in a legacy version of the `semver` library, a core semantic versioning parser used by npm and embedded in countless Node.js projects. The flaw, a Regular Expression Denial of Service (ReDoS) in the `new Range()` function, exposes a critical attack vect...

The Lab · 2026-04-09 01:27:08 · GitHub Issues

3. Critical npm Package 'semver' Exposes Achilles-Frontend to Reachable CVE-2022-25883 Vulnerability

A critical, actively reachable vulnerability has been identified in the widely used `semver` npm package, version 7.3.4, directly exposing the `achilles-frontend` project. The flaw, tracked as CVE-2022-25883 with a CVSS score of 5.3 (Medium severity), is not just a dormant library issue—it is flagged as 'reachable,' me...

The Lab · 2026-04-10 00:39:45 · GitHub Issues

4. Two Medium-Severity Vulnerabilities Detected in the babel-loader 8.3.0 Dependency Chain, but Flagged as "Unreachable"

In version 8.3.0 of the JavaScript build tool babel-loader, a security scan found two medium-severity vulnerabilities, but the analysis report flagged them as "unreachable". This determination means that although the vulnerabilities exist in dependency libraries, the current code paths may be unable to trigger them, which lowers the direct exploitation risk. However, this "unreachable" status depends on the specific project configuration and the way the code is used, creating a potential grey area for dependency management. Specifically, both vulnerabilities are located in transitive dependencies of babel-loader. One of them is identified as CVE-2022-25883, with a CVSS score of 5.3 (Medium), affecting version 6.3.0 of the `semver` library. The report indicates that this vulnerability already has a proof of concept (Proof o...