UBUNTU-CVE-2021-27290

Source
https://ubuntu.com/security/notices/UBUNTU-CVE-2021-27290
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-27290.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2021-27290
Published
2021-03-12T22:15:00Z
Modified
2021-03-12T22:15:00Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.

Affected packages

Ubuntu:18.04:LTS / node-ssri

Package

Name
node-ssri
Purl
pkg:deb/ubuntu/node-ssri@5.0.0-1?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.0.0-1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "node-ssri": "5.0.0-1"
        }
    ]
}

Ubuntu:20.04:LTS / node-ssri

Package

Name
node-ssri

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

5.*

5.2.4-2

6.*

6.0.1-2

7.*

7.1.0-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / node-ssri

Package

Name
node-ssri

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

8.*

8.0.1-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}