CVE-2015-8855
CVE Details
Last Update
7/31/2024
NIST CVE Summary
The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."
Our Official Summary
This is a false positive as the CVE is in a node.js package that has the same name which is being used in the Golang application.
CVE Severity
Status
Ongoing