CVE-2021-27290

Published: 12/03/2021 Updated: 13/05/2022
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

A security issue has been found in Node.js prior to 16.4.1, 14.17.2 and 12.22.2. The ssri npm module contains a vulnerability that may allow denial of service attacks.

Vulnerable Product

ssri project ssri

oracle graalvm 20.3.3

oracle graalvm 21.2.0

siemens sinec infrastructure network services

Vendor Advisories

Debian Bug report logs - #985841 node-ssri: CVE-2021-27290. Package: src:node-ssri; Maintainer for src:node-ssri is Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 24 Mar 2021 18:27:01 UTC; Severity: important; Tags: pending, ...
ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option. ...
A security issue has been found in Node.js before versions 16.4.1, 14.17.2 and 12.22.2. There is a vulnerability in the ssri npm module which may be vulnerable to denial of service attacks. ...

ICS Advisories

Siemens SINEC INS
Critical Infrastructure Sectors: Energy