ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.
CPE | Name | Operator | Version |
---|---|---|---|
nodejs | eq | 14.15.3-r2 | |
nodejs | eq | 8.9.2-r0 | |
nodejs | eq | 6.11.1-r2 | |
nodejs | eq | 6.10.1-r0 | |
nodejs | eq | 8.9.3-r0 | |
hosted-git-info | eq | 5.2.2 | |
nodejs | eq | 12.18.0-r1 | |
hosted-git-info | eq | 7.0.0 | |
nodejs | eq | 4.5.0-r0 | |
nodejs | eq | 12.18.0-r0 |