ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-03-12T21:47:41

Updated: 2024-08-03T20:48:16.758Z

Reserved: 2021-02-16T00:00:00

Link: CVE-2021-27290

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-03-12T22:15:14.843

Modified: 2024-11-21T05:57:45.503

Link: CVE-2021-27290

cve-icon Redhat

Severity : Moderate

Publid Date: 2021-03-12T00:00:00Z

Links: CVE-2021-27290 - Bugzilla