DEBIAN-CVE-2021-27290

DEBIAN-CVE-2021-27290 PUBLISHED CVSS 7.5 HIGH

ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:11	node-ssri	0, 0, 0
Debian:12	node-ssri	0, 0, 0
Debian:13	node-ssri	0, 0, 0
Debian:14	node-ssri	0, 0, 0

Timeline

Mar 12, 2021 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2021-27290 advisory

Open in Interactive Console →