Severity: moderate

    Regular Expression Denial of Service



    ssri versions 5.2.2-6.0.1 and 7.0.0-8.0.0 process SRIs using a regular expression that is vulnerable to denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.


    Update to version 6.0.2 or 8.0.1 or later


    Advisory timeline

    1. published

      Advisory published
      Feb 14th, 2018
    2. reported

      Initial report by Jamie Davis
      Apr 20th, 2018