GHSA-325j-24f4-qv5x

Source

https://github.com/advisories/GHSA-325j-24f4-qv5x

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/03/GHSA-325j-24f4-qv5x/GHSA-325j-24f4-qv5x.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-325j-24f4-qv5x

Aliases

CVE-2018-7651

Published

2018-03-07T22:22:20Z

Modified

2023-11-08T04:00:23.259650Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Regular Expression Denial of Service in ssri

Details

Version of ssri prior to 5.2.2 are vulnerable to regular expression denial of service (ReDoS) when using strict mode.

Recommendation

Update to version 5.2.2 or later.

Database specific

{
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-400"
    ],
    "github_reviewed_at": "2020-06-16T20:53:37Z",
    "nvd_published_at": null
}

References

Affected packages

npm / ssri

Package

Name: ssri; View open source insights on deps.dev
Purl: pkg:npm/ssri

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.2.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/03/GHSA-325j-24f4-qv5x/GHSA-325j-24f4-qv5x.json"