Advisories for Npm/Ssri package

2021

Uncontrolled Resource Consumption

ssri processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.

2018

ReDoS

There is a Regular Expression Denial of Service vulnerability in the strict mode functionality.