ID CVE-2021-27290
Summary ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.
References
Vulnerable Configurations
  • cpe:2.3:a:ssri_project:ssri:7.0.0:*:*:*:*:node.js:*:*
  • cpe:2.3:a:ssri_project:ssri:7.0.1:*:*:*:*:node.js:*:*
  • cpe:2.3:a:ssri_project:ssri:7.1.0:*:*:*:*:node.js:*:*
  • cpe:2.3:a:ssri_project:ssri:8.0.0:*:*:*:*:node.js:*:*
  • cpe:2.3:a:ssri_project:ssri:5.2.2:*:*:*:*:node.js:*:*
  • cpe:2.3:a:ssri_project:ssri:5.2.3:*:*:*:*:node.js:*:*
  • cpe:2.3:a:ssri_project:ssri:5.2.4:*:*:*:*:node.js:*:*
  • cpe:2.3:a:ssri_project:ssri:5.3.0:*:*:*:*:node.js:*:*
  • cpe:2.3:a:ssri_project:ssri:6.0.0:*:*:*:*:node.js:*:*
  • cpe:2.3:a:ssri_project:ssri:6.0.1:*:*:*:*:node.js:*:*
  • cpe:2.3:a:oracle:graalvm:20.3.3:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:oracle:graalvm:21.2.0:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 13-05-2022 - 20:51)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
Last major update 13-05-2022 - 20:51
Published 12-03-2021 - 22:15
Last modified 13-05-2022 - 20:51