npm ssri
5.2.2-6.0.1 and 7.0.0-8.0.0, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.
{ "nvd_published_at": "2021-03-12T22:15:00Z", "cwe_ids": [ "CWE-400" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2021-03-15T18:24:30Z" }