UNKNOWN

CVE-2021-27290

Regular Expression Denial of Service (ReDoS)

Platform

nodejs

Component

ssri

Fixed in

6.0.2

npm `ssri` versions 5.2.2-6.0.1 and 7.0.0-8.0.0 process SRIs using a regular expression that is vulnerable to denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.

How to fix

Update the ssri package to version 8.0.1 or later. This resolves the denial-of-service vulnerability caused by a vulnerable regular expression. Run `npm install ssri@latest` or `yarn upgrade ssri@latest` to update.
