CVE-2018-7651

MEDIUM5.9EPSS 0.38%

Regular Expression Denial of Service in ssri

發布日:2018/3/7修改日:2023/11/8

也稱為:GHSA-325j-24f4-qv5xDEBIAN-CVE-2018-7651

描述

Version of `ssri` prior to 5.2.2 are vulnerable to regular expression denial of service (ReDoS) when using strict mode. ## Recommendation Update to version 5.2.2 or later.

受影響套件(2)

Debian/node-ssrifrom 0, < 5.2.4-1
npm/ssrifrom 0, < 5.2.2

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM5.9	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

參考連結(7)

ADVISORYhttps://github.com/advisories/GHSA-325j-24f4-qv5x
ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-7651
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2018-7651
PATCHhttps://github.com/zkat/ssri
WEBhttps://github.com/zkat/ssri/commit/d0ebcdc22cb5c8f47f89716d08b3518b2485d65d
WEBhttps://github.com/zkat/ssri/issues/10
WEBhttps://www.npmjs.com/advisories/565