CVE Vulnerabilities

CVE-2021-27290

This vulnerability is marked as RESERVED by NVD. This means that the CVE-ID is reserved for future use by the CVE Numbering Authority (CNA) or a security researcher, but the details of it are not yet publicly available yet.

This page will reflect the classification results once they are available through NVD.

Any vendor information available is shown as below.

Redhat

CVE-2021-27290 nodejs-ssri: Regular expression DoS (ReDoS) when parsing malicious SRI in strict mode

Ubuntu

ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.

Affected Software List

NameVendorVersion
Node-ssriUbuntu/focal
Node-ssriUbuntu/groovy
Node-ssriUbuntu/hirsute
Node-ssriUbuntu/trustyout of standard support
Node-ssriUbuntu/upstream8.0.1
Node-ssriUbuntu/devel