Version: latest

CVE-2015-8855

CVE Details

CVE-2015-8855

Last Update

7/31/2024

NIST CVE Summary

The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."

Our Official Summary

This is a false positive as the CVE is in a node.js package that has the same name which is being used in the Golang application.

CVE Severity

7.5

Status

Ongoing

Affected Products & Versions

Palette VerteX 4.4.11

Revision History

1.0 07/31/2024 Initial Publication
2.0 08/17/2024 Remediated in Palette VerteX 4.4.14

CVE Details​

Last Update​

NIST CVE Summary​

Our Official Summary​

CVE Severity​

Status​

Affected Products & Versions​

Revision History​