VDB
ALPINE-CVE-2021-27290
ALPINE-CVE-2021-27290
PUBLISHED
CVSS 7.5 HIGH
ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.13 | nodejs | 0, 10.13.0-r0, 10.14.0-r0 |
Timeline
- Mar 12, 2021 CVE Published
- Nov 19, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch