CVE-2021-27290
Description
ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.
Risk Information
Base Score: 7.5 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score (Exploitation Probability): 2.628
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2021-22918, CVE-2021-22921, CVE-2021-27290, CVE-2021-23362 are fixed in Node.js 12 (x64) (12.22.2) | Windows |
| Vulnerabilities CVE-2021-22918, CVE-2021-22921, CVE-2021-27290, CVE-2021-23362 are fixed in Node.js 12 (12.22.2) | Windows |
| Vulnerabilities CVE-2021-22918, CVE-2021-22921, CVE-2021-27290, CVE-2021-23362 are fixed in Node.js 14 (x64) (14.17.2) | Windows |
| Vulnerabilities CVE-2021-22918, CVE-2021-22921, CVE-2021-27290, CVE-2021-23362 are fixed in Node.js 14 (14.17.2) | Windows |
| Vulnerabilities CVE-2021-22918, CVE-2021-22921, CVE-2021-27290, CVE-2021-23362 are fixed in Node.js 16 (16.20.1) | Windows |
| Vulnerabilities CVE-2021-22918, CVE-2021-22921, CVE-2021-27290, CVE-2021-23362 are fixed in Node.js 16 (x64) (16.20.1) | Windows |
| Multiple vulnerabilities affect Oracle GraalVM Enterprise Edition 20.3.3 | Windows |
| Multiple vulnerabilities affect Oracle GraalVM Enterprise Edition 21.2.0 | Windows |
| Multiple vulnerabilities affect IBM WebMethods Integration Server 10.15 | Windows |
| Multiple vulnerabilities affect IBM WebMethods Integration Server 10.11 | Windows |
| Multiple vulnerabilities affect IBM WebMethods Integration Server 11.1 | Windows |
| (RHSA-2021:3073) nodejs:12 security, bug fix, and enhancement update nodejs-12.22.3-2.module+el8.4.0+11732+c668cc9f.x86_64.rpm | Linux |
| (RHSA-2021:3073) nodejs:12 security, bug fix, and enhancement update nodejs-debugsource-12.22.3-2.module+el8.4.0+11732+c668cc9f.x86_64.rpm | Linux |
| (RHSA-2021:3073) nodejs:12 security, bug fix, and enhancement update nodejs-devel-12.22.3-2.module+el8.4.0+11732+c668cc9f.x86_64.rpm | Linux |
| (RHSA-2021:3073) nodejs:12 security, bug fix, and enhancement update nodejs-docs-12.22.3-2.module+el8.4.0+11732+c668cc9f.noarch.rpm | Linux |
| (RHSA-2021:3073) nodejs:12 security, bug fix, and enhancement update nodejs-full-i18n-12.22.3-2.module+el8.4.0+11732+c668cc9f.x86_64.rpm | Linux |
| (RHSA-2021:3073) nodejs:12 security, bug fix, and enhancement update nodejs-nodemon-2.0.3-1.module+el8.4.0+11732+c668cc9f.noarch.rpm | Linux |
| (RHSA-2021:3073) nodejs:12 security, bug fix, and enhancement update npm-6.14.13-1.12.22.3.2.module+el8.4.0+11732+c668cc9f.x86_64.rpm | Linux |
| (RHSA-2021:3074) nodejs:14 security, bug fix, and enhancement update nodejs-14.17.3-2.module+el8.4.0+11738+3bd42762.x86_64.rpm | Linux |
| (RHSA-2021:3074) nodejs:14 security, bug fix, and enhancement update nodejs-debugsource-14.17.3-2.module+el8.4.0+11738+3bd42762.x86_64.rpm | Linux |
| (RHSA-2021:3074) nodejs:14 security, bug fix, and enhancement update nodejs-devel-14.17.3-2.module+el8.4.0+11738+3bd42762.x86_64.rpm | Linux |
| (RHSA-2021:3074) nodejs:14 security, bug fix, and enhancement update nodejs-docs-14.17.3-2.module+el8.4.0+11738+3bd42762.noarch.rpm | Linux |
| (RHSA-2021:3074) nodejs:14 security, bug fix, and enhancement update nodejs-full-i18n-14.17.3-2.module+el8.4.0+11738+3bd42762.x86_64.rpm | Linux |
| (RHSA-2021:3074) nodejs:14 security, bug fix, and enhancement update npm-6.14.13-1.14.17.3.2.module+el8.4.0+11738+3bd42762.x86_64.rpm | Linux |
| Nodejs update (ELSA-2021-3073) nodejs-12.22.3-2.module+el8.4.0+20281+eb64e322.x86_64.rpm | Linux |
| Nodejs-devel update (ELSA-2021-3073) nodejs-devel-12.22.3-2.module+el8.4.0+20281+eb64e322.x86_64.rpm | Linux |
| Nodejs-docs update (ELSA-2021-3073) nodejs-docs-12.22.3-2.module+el8.4.0+20281+eb64e322.noarch.rpm | Linux |
| Nodejs-full-i18n update (ELSA-2021-3073) nodejs-full-i18n-12.22.3-2.module+el8.4.0+20281+eb64e322.x86_64.rpm | Linux |
| Nodejs-nodemon update (ELSA-2021-3073) nodejs-nodemon-2.0.3-1.module+el8.4.0+20281+eb64e322.noarch.rpm | Linux |
| Nodejs-packaging update (ELSA-2021-3073) nodejs-packaging-17-3.module+el8.1.0+5393+aaf413e3.noarch.rpm | Linux |
| Npm update (ELSA-2021-3073) npm-6.14.13-1.12.22.3.2.module+el8.4.0+20281+eb64e322.x86_64.rpm | Linux |
| Nodejs update (ELSA-2021-3623) nodejs-12.22.5-1.module+el8.4.0+20308+065a70e3.x86_64.rpm | Linux |
| Nodejs-devel update (ELSA-2021-3623) nodejs-devel-12.22.5-1.module+el8.4.0+20308+065a70e3.x86_64.rpm | Linux |
| Nodejs-docs update (ELSA-2021-3623) nodejs-docs-12.22.5-1.module+el8.4.0+20308+065a70e3.noarch.rpm | Linux |
| Nodejs-full-i18n update (ELSA-2021-3623) nodejs-full-i18n-12.22.5-1.module+el8.4.0+20308+065a70e3.x86_64.rpm | Linux |
| Nodejs-nodemon update (ELSA-2021-3623) nodejs-nodemon-2.0.3-1.module+el8.4.0+20281+eb64e322.noarch.rpm | Linux |
| Nodejs-packaging update (ELSA-2021-3623) nodejs-packaging-17-3.module+el8.1.0+5393+aaf413e3.noarch.rpm | Linux |
| Npm update (ELSA-2021-3623) npm-6.14.14-1.12.22.5.1.module+el8.4.0+20308+065a70e3.x86_64.rpm | Linux |
| Nodejs update (ELSA-2021-3666) nodejs-14.17.5-1.module+el8.4.0+20313+f90c2973.x86_64.rpm | Linux |
| Nodejs-devel update (ELSA-2021-3666) nodejs-devel-14.17.5-1.module+el8.4.0+20313+f90c2973.x86_64.rpm | Linux |
| Nodejs-docs update (ELSA-2021-3666) nodejs-docs-14.17.5-1.module+el8.4.0+20313+f90c2973.noarch.rpm | Linux |
| Nodejs-full-i18n update (ELSA-2021-3666) nodejs-full-i18n-14.17.5-1.module+el8.4.0+20313+f90c2973.x86_64.rpm | Linux |
| Nodejs-nodemon update (ELSA-2021-3666) nodejs-nodemon-2.0.3-1.module+el8.3.0+7818+6cd30d85.noarch.rpm | Linux |
| Nodejs-packaging update (ELSA-2021-3666) nodejs-packaging-23-3.module+el8.3.0+7818+6cd30d85.noarch.rpm | Linux |
| Npm update (ELSA-2021-3666) npm-6.14.14-1.14.17.5.1.module+el8.4.0+20313+f90c2973.x86_64.rpm | Linux |
| nodejs:12 security, bug fix, and enhancement update (RLSA-2021:3073) nodejs-nodemon-2.0.3-1.module+el8.4.0+638+5344c6f7.noarch.rpm | Linux |
| nodejs:12 security, bug fix, and enhancement update (RLSA-2021:3073) nodejs-packaging-17-3.module+el8.3.0+101+f84c7154.noarch.rpm | Linux |
| nodejs:12 security, bug fix, and enhancement update (RLSA-2021:3073) nodejs-nodemon-2.0.3-1.module+el8.6.0+982+9fdca2d4.noarch.rpm | Linux |
| nodejs:14 security, bug fix, and enhancement update (RLSA-2021:3074) nodejs-packaging-23-3.module+el8.7.0+1071+4bdda2a8.noarch.rpm | Linux |
| nodejs:14 security, bug fix, and enhancement update (RLSA-2021:3074) nodejs-nodemon-2.0.3-1.module+el8.6.0+982+9fdca2d4.noarch.rpm | Linux |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-324371 | Node.js 12 (x64) (12.22.12) |
| PATCH-324370 | Node.js 12 (12.22.12) |
| PATCH-329083 | Node.js 14 (x64) (14.21.3) |
| PATCH-329082 | Node.js 14 (14.21.3) |
| PATCH-331256 | Node.js 16 (16.20.1) |
| PATCH-331257 | Node.js 16 (x64) (16.20.1) |