Merge pull request #6620 from github/mhassan1-GHSA-x5gf-qvw8-r2rm

advisory-database[bot] · web-flow · commit 85c706ce0618 · 2026-01-09T21:37:48.000Z
diff --git a/advisories/github-reviewed/2025/06/GHSA-x5gf-qvw8-r2rm/GHSA-x5gf-qvw8-r2rm.json b/advisories/github-reviewed/2025/06/GHSA-x5gf-qvw8-r2rm/GHSA-x5gf-qvw8-r2rm.json
@@ -1,21 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-x5gf-qvw8-r2rm",
-  "modified": "2025-07-11T19:59:50Z",
+  "modified": "2025-07-11T19:59:51Z",
   "published": "2025-06-09T21:30:51Z",
   "aliases": [
     "CVE-2025-5891"
   ],
   "summary": "pm2 Regular Expression Denial of Service vulnerability",
-  "details": "A vulnerability classified as problematic was found in Unitech pm2 up to 6.0.8. This vulnerability affects unknown code of the file /lib/tools/Config.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.",
+  "details": "A vulnerability classified as problematic was found in Unitech pm2. This vulnerability affects unknown code of the file /lib/tools/Config.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.",
   "severity": [
-    {
-      "type": "CVSS_V3",
-      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
-    },
     {
       "type": "CVSS_V4",
-      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
     }
   ],
   "affected": [
@@ -29,10 +25,7 @@
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "0"
-            },
-            {
-              "last_affected": "6.0.8"
+              "introduced": "0.0.0"
             }
           ]
         }
@@ -44,10 +37,6 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5891"
     },
-    {
-      "type": "WEB",
-      "url": "https://github.com/Unitech/pm2/pull/5971"
-    },
     {
       "type": "WEB",
       "url": "https://gist.github.com/mmmsssttt404/407e2ffe3e0eaa393ad923a86316a385"
@@ -74,7 +63,7 @@
       "CWE-1333",
       "CWE-400"
     ],
-    "severity": "LOW",
+    "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2025-06-10T22:52:17Z",
     "nvd_published_at": "2025-06-09T19:15:25Z"
