CVE-2021-27290: Uncontrolled Resource Consumption

March 12, 2021 (updated May 13, 2022)

ssri processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.

References

nvd.nist.gov/vuln/detail/CVE-2021-27290

Detect and mitigate CVE-2021-27290 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →