npm

Severity: moderate

Regular Expression Denial of Service

ssri

Overview

Versions of ssri prior to 5.2.2 are vulnerable to regular expression denial of service (ReDoS) when using strict mode.

Remediation

Update to version 5.2.2 or later.
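
To confirm that no older copy of ssri remains nested under another dependency after updating, the lockfile can be checked against the 5.2.2 boundary. The following is an added example, not code from the advisory or from the ssri project; it assumes a parsed package-lock.json in npm's `dependencies` (lockfileVersion 1) or `packages` (lockfileVersion 2 and 3) layout, and the function names and sample lockfiles are constructed for illustration.

```javascript
// Added example (not from the advisory): flag ssri copies older than 5.2.2
// in a parsed package-lock.json object.
const FIXED = [5, 2, 2]; // first patched version, per the advisory

// True when version string v sorts before 5.2.2 (prereleases of 5.2.2 included).
function isVulnerable(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(v));
  if (!m) return false; // no plain semver (git URL, link entry): not judged here
  const parts = m.slice(1, 4).map(Number);
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== FIXED[i]) return parts[i] < FIXED[i];
  }
  return m[4] !== undefined; // 5.2.2-rc.1 precedes 5.2.2
}

function findVulnerableSsri(lock) {
  const hits = [];
  const check = (path, info) => {
    if (isVulnerable(info.version)) hits.push({ path, version: info.version });
  };
  if (lock.packages) {
    // lockfileVersion 2 and 3: flat map keyed by install path.
    for (const [path, info] of Object.entries(lock.packages)) {
      if (path.endsWith("node_modules/ssri")) check(path, info);
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, prefix) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = prefix + "node_modules/" + name;
      if (name === "ssri") check(path, info);
      walk(info.dependencies, path + "/");
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfiles (versions are illustrative, not real resolutions).
const SAMPLE_V1 = { lockfileVersion: 1, dependencies: {
  ssri: { version: "5.2.2" },
  cacache: { version: "0.0.0", dependencies: { ssri: { version: "5.2.1" } } },
} };
const SAMPLE_V3 = { lockfileVersion: 3, packages: {
  "node_modules/ssri": { version: "4.1.6" },
  "node_modules/pacote/node_modules/ssri": { version: "6.0.0" },
} };

console.log(findVulnerableSsri(SAMPLE_V1), findVulnerableSsri(SAMPLE_V3));
```

Each hit gives the install path of an affected copy, which shows which parent package still needs to be updated.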

Advisory timeline

  1. reported

    Initial report by Jamie Davis
    Apr 20th, 2018
  2. published

    Advisory published
    Feb 14th, 2018