CVE-2018-7651

Опубликовано: 04 мар. 2018

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

index.js in the ssri module before 5.2.2 for Node.js is prone to a regular expression denial of service vulnerability in strict mode functionality via a long base64 hash string.

Ссылки

https://github.com/zkat/ssri/commit/d0ebcdc22cb5c8f47f89716d08b3518b2485d65d
Patch
Third Party Advisory
https://github.com/zkat/ssri/issues/10
Third Party Advisory
https://nodesecurity.io/advisories/565
Third Party Advisory
https://github.com/zkat/ssri/commit/d0ebcdc22cb5c8f47f89716d08b3518b2485d65d
Patch
Third Party Advisory
https://github.com/zkat/ssri/issues/10
Third Party Advisory
https://nodesecurity.io/advisories/565
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ssri_project:ssri:*:*:*:*:*:node.js:*:*

Версия до 5.2.2 (исключая)

EPSS

Процентиль: 59%

0.00377

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-400

Связанные уязвимости

CVE-2018-7651

CVSS3: 5.9

ubuntu

почти 8 лет назад

index.js in the ssri module before 5.2.2 for Node.js is prone to a regular expression denial of service vulnerability in strict mode functionality via a long base64 hash string.

CVE-2018-7651

CVSS3: 5.9

debian

почти 8 лет назад

index.js in the ssri module before 5.2.2 for Node.js is prone to a reg ...

GHSA-325j-24f4-qv5x

CVSS3: 5.9

github

почти 8 лет назад

Regular Expression Denial of Service in ssri

EPSS

Процентиль: 59%

0.00377

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-400