Ssri Project Ssri vulnerabilities

2 known vulnerabilities affecting ssri_project/ssri.

Total CVEs

2

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

HIGH1MEDIUM1

Vulnerabilities

Page 1 of 1

CVE-2021-27290HIGHCVSS 7.5≥ 5.2.2, < 6.0.2≥ 7.0.0, < 8.0.12021-03-12

CVE-2021-27290 [HIGH] CVE-2021-27290: ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.

CVE-2018-7651MEDIUMCVSS 5.9fixed in 5.2.22018-03-04

CVE-2018-7651 [MEDIUM] CWE-400 CVE-2018-7651: index.js in the ssri module before 5.2.2 for Node.js is prone to a regular expression denial of serv index.js in the ssri module before 5.2.2 for Node.js is prone to a regular expression denial of service vulnerability in strict mode functionality via a long base64 hash string.