CVE-2021-27290

CVSS v3.1 7.5 (High)
CVSS v2.0 4.3 (Medium)
EPSS 0.24 % (64th)
Affected Products 3
Advisories 28

ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.

Weaknesses
CWE-NVD-Other
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2021-03-12 22:15:14
(3 years ago)
Updated Date
2022-05-13 20:51:41
(2 years ago)

Affected Products


Configuration #1

  Product | CPE23 | From | Up To
  Ssri Project Ssri for Node.js from 5.2.2 version and prior 6.0.2 version | cpe:2.3:a:ssri_project:ssri::*:*:*:*:node.js | >= 5.2.2 | < 6.0.2
  Ssri Project Ssri for Node.js from 7.0.0 version and prior 8.0.1 version | cpe:2.3:a:ssri_project:ssri::*:*:*:*:node.js | >= 7.0.0 | < 8.0.1

Configuration #2

  Product | CPE23 | From | Up To
  Oracle Graalvm 20.3.3 | cpe:2.3:a:oracle:graalvm:20.3.3:*:*:*:enterprise | |
  Oracle Graalvm 21.2.0 | cpe:2.3:a:oracle:graalvm:21.2.0:*:*:*:enterprise | |

Configuration #3

  Product | CPE23 | From | Up To
  Siemens Sinec Infrastructure Network Services prior 1.0.1.1 version | cpe:2.3:a:siemens:sinec_infrastructure_network_services | | < 1.0.1.1