CVE-2021-27290

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-27290

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-27290.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-27290

Aliases

GHSA-vx3p-948g-6vhq

Downstream

ALPINE-CVE-2021-27290

DEBIAN-CVE-2021-27290

OESA-2022-1620

RHSA-2021:2931

RHSA-2021:2932

RHSA-2021:3073

RHSA-2021:3074

RHSA-2021:3638

RHSA-2021:3639

SUSE-SU-2021:2319-1

SUSE-SU-2021:2323-1

SUSE-SU-2021:2326-1

SUSE-SU-2021:2327-1

SUSE-SU-2021:2353-1

SUSE-SU-2021:2354-1

SUSE-SU-2021:2618-1

SUSE-SU-2021:2620-1

UBUNTU-CVE-2021-27290

openSUSE-SU-2021:1059-1

openSUSE-SU-2021:1060-1

openSUSE-SU-2021:1061-1

openSUSE-SU-2021:1113-1

openSUSE-SU-2021:2327-1

openSUSE-SU-2021:2353-1

openSUSE-SU-2021:2354-1

openSUSE-SU-2021:2618-1

openSUSE-SU-2024:11096-1

Related

Published

2021-03-12T22:15:14Z

Modified

2025-10-08T04:25:58.005735Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.

References

Affected packages

Git / github.com/npm/ssri

Affected ranges

Type: GIT
Repo: https://github.com/npm/ssri
Events: Introduced

0fb45e7e0eba615bf0080bf350c95e19412ff9a9

Fixed

b7c8c7c61db89aeb9fbf7596c0ef17071bc216ef

Affected versions

v5.*

v5.2.2

v5.2.3

v5.2.4

v5.3.0

v6.*

v6.0.0

v6.0.1