Exponential ReDoS in semver-regex leads to denial of service
semver-regex (,3.1.3]|[4.0.0,4.0.2], fixed in 3.1.4 and 4.0.3
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the
'0.0.1-' + '-.--'.repeat(i) + ' '
No mitigations are supplied for this issue