ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.
HIGH Vulnerable Package issue exists @ ssri in branch main
Description
ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.
HIGH Vulnerable Package issue exists @ ssri in branch main
Vulnerability ID: CVE-2021-27290
Package Name: ssri
Severity: HIGH
CVSS Score: 7.5
Publish Date: 2021-03-12T22:15:00
Current Package Version: 6.0.1
Remediation Upgrade Recommendation: 6.0.2
Link To SCA
Reference – NVD link