Description
Version of ssri prior to 5.2.2 are vulnerable to regular expression denial of service (ReDoS) when using strict mode.
Recommendation
Update the ssri package to the latest compatible version. Followings are version details:
- Affected version(s): < 5.2.2
- Patched version(s): 5.2.2
References
Related Issues
- Regular Expression Denial of Service (ReDoS) (GHSA-vx3p-948g-6vhq) - CVE-2021-27290
- Marked allows Regular Expression Denial of Service (ReDoS) attacks - CVE-2018-25110
- Regular Expression Denial of Service in highcharts (GHSA-xmc8-cjfr-phx3) - CVE-2018-20801
- Regular Expression Denial of Service in sshpk - CVE-2018-3737
- Tags:
- npm
- ssri
Anything's wrong? Let us know Last updated on January 09, 2023