CVE-2021-27290

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-27290

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-27290.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-27290

Aliases

GHSA-vx3p-948g-6vhq

Related

Published

2021-03-12T22:15:14Z

Modified

2024-09-18T03:13:34.867239Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.

References

Affected packages

Alpine:v3.13 / nodejs

Package

Name: nodejs
Purl: pkg:apk/alpine/nodejs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

14.16.1-r1

Affected versions

4.*

4.4.3-r0

4.4.4-r0

4.4.5-r0

4.4.7-r0

4.5.0-r0

6.*

6.9.1-r0

6.9.1-r1

6.9.2-r0

6.9.4-r0

6.9.4-r1

6.9.5-r0

6.9.5-r1

6.10.0-r0

6.10.1-r0

6.10.3-r0

6.11.0-r0

6.11.1-r0

6.11.1-r1

6.11.1-r2

6.11.2-r0

6.11.3-r0

6.11.4-r0

6.11.5-r0

8.*

8.9.0-r0

8.9.1-r0

8.9.2-r0

8.9.3-r0

8.9.3-r1

8.9.4-r0

8.10.0-r0

8.11.0-r0

8.11.0-r1

8.11.1-r0

8.11.1-r1

8.11.1-r2

8.11.2-r0

8.11.3-r0

8.11.3-r1

8.11.3-r2

8.11.3-r3

8.11.4-r0

8.12.0-r0

10.*

10.13.0-r0

10.14.0-r0

10.14.1-r0

10.14.2-r0

10.15.1-r0

10.15.3-r0

10.16.0-r0

10.16.1-r0

10.16.2-r0

10.16.3-r0

12.*

12.13.0-r0

12.13.0-r1

12.13.1-r0

12.14.0-r0

12.14.1-r0

12.15.0-r0

12.15.0-r1

12.15.0-r2

12.16.2-r0

12.16.3-r0

12.16.3-r1

12.17.0-r0

12.18.0-r0

12.18.0-r1

12.18.0-r2

12.18.2-r0

12.18.3-r0

12.18.4-r0

12.19.0-r0

14.*

14.15.1-r0

14.15.3-r0

14.15.3-r1

14.15.3-r2

14.15.4-r0

14.15.5-r0

14.16.0-r0

14.16.1-r0

Debian:11 / node-ssri

Package

Name: node-ssri
Purl: pkg:deb/debian/node-ssri?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.0.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / node-ssri

Package

Name: node-ssri
Purl: pkg:deb/debian/node-ssri?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.0.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / node-ssri

Package

Name: node-ssri
Purl: pkg:deb/debian/node-ssri?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.0.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/npm/ssri

Affected ranges

Type: GIT
Repo: https://github.com/npm/ssri
Events: Introduced

0fb45e7e0eba615bf0080bf350c95e19412ff9a9

Fixed

b7c8c7c61db89aeb9fbf7596c0ef17071bc216ef

Affected versions

v5.*

v5.2.2

v5.2.3

v5.2.4

v5.3.0

v6.*

v6.0.0

v6.0.1