vulnerability
Oracle Linux: CVE-2021-27290: ELSA-2021-3073: nodejs:12 security, bug fix, and enhancement update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:N/A:P) | Mar 12, 2021 | Aug 12, 2021 | Dec 3, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
Published
Mar 12, 2021
Added
Aug 12, 2021
Modified
Dec 3, 2025
Description
ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.
A flaw was found in ssri package. A malicious string provided by an attacker may lead to Regular Expression Denial of Service (ReDoS). This issue only affects consumers
using the strict option. The highest threat from this vulnerability is to availability.
A flaw was found in ssri package. A malicious string provided by an attacker may lead to Regular Expression Denial of Service (ReDoS). This issue only affects consumers
using the strict option. The highest threat from this vulnerability is to availability.
Solutions
oracle-linux-upgrade-nodejsoracle-linux-upgrade-nodejs-develoracle-linux-upgrade-nodejs-docsoracle-linux-upgrade-nodejs-full-i18noracle-linux-upgrade-nodejs-nodemonoracle-linux-upgrade-nodejs-packagingoracle-linux-upgrade-npm
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.