Ssri
Monthly
ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
index.js in the ssri module before 5.2.2 for Node.js is prone to a regular expression denial of service vulnerability in strict mode functionality via a long base64 hash string. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
index.js in the ssri module before 5.2.2 for Node.js is prone to a regular expression denial of service vulnerability in strict mode functionality via a long base64 hash string. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.