CVE-2021-27290 - log

CVE-2021-27290 edited at 02 Jul 2021 08:51:30
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ A security issue has been found in Node.js before versions 16.4.1, 14.17.2 and 12.22.2. There is a vulnerability in the ssri npm module which may be vulnerable to denial of service attacks.
References
+ https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/#npm-upgrade-ssri-regular-expression-denial-of-service-redos-high-cve-2021-27290
+ https://github.com/advisories/GHSA-vx3p-948g-6vhq
+ https://doyensec.com/resources/Doyensec_Advisory_ssri_redos.pdf
+ https://github.com/npm/ssri/pull/17
+ https://github.com/npm/ssri/commit/76e223317d971f19e4db8191865bdad5edee40d2
Notes
CVE-2021-27290 created at 02 Jul 2021 08:44:36