Vulnerabilities > CVE-2015-8855 - Resource Management Errors vulnerability in Nodejs Node.Js

047910
CVSS 7.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
network
low complexity
nodejs
CWE-399

Summary

The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."

Vulnerable Configurations

Part Description Count
Application
Nodejs
675

Common Weakness Enumeration (CWE)