itsKedar / TodoList_mern

0 stars 0 forks source link

CX: CVE-2021-27290 in Npm-ssri and 6.0.1 @ TodoList_mern.main #28

Open itsKedar opened 2 years ago

itsKedar commented 2 years ago

Description

ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.

HIGH Vulnerable Package issue exists @ ssri in branch main

Vulnerability ID: CVE-2021-27290

Package Name: ssri

Severity: HIGH

CVSS Score: 7.5

Publish Date: 2021-03-12T22:15:00

Current Package Version: 6.0.1

Remediation Upgrade Recommendation: 6.0.2

Link To SCA

Reference – NVD link