CVE Vulnerabilities

CVE-2021-27290

This vulnerability is marked as RESERVED by NVD. This means that the CVE-ID is reserved for future use by the CVE Numbering Authority (CNA) or a security researcher, but the details of it are not yet publicly available yet.

This page will reflect the classification results once they are available through NVD.

Any vendor information available is shown as below.

Redhat

CVE-2021-27290 nodejs-ssri: Regular expression DoS (ReDoS) when parsing malicious SRI in strict mode

Affected Software List

NameVendorVersion
Red Hat Enterprise Linux 8RedHatnodejs:12-8040020210708131418.522a0ee4
Red Hat Enterprise Linux 8RedHatnodejs:14-8040020210708154809.522a0ee4
Red Hat Software Collections for Red Hat Enterprise Linux 7RedHatrh-nodejs12-nodejs-0:12.22.2-1.el7
Red Hat Software Collections for Red Hat Enterprise Linux 7RedHatrh-nodejs14-nodejs-0:14.17.2-1.el7
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUSRedHatrh-nodejs12-nodejs-0:12.22.2-1.el7
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUSRedHatrh-nodejs14-nodejs-0:14.17.2-1.el7

Ubuntu

ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.

Affected Software List

NameVendorVersion
Node-ssriUbuntu/upstream8.0.1
Node-ssriUbuntu/focal
Node-ssriUbuntu/groovyreached end-of-life
Node-ssriUbuntu/hirsute
Node-ssriUbuntu/devel
Node-ssriUbuntu/trustyout of standard support