{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T19:55:01.641","vulnerabilities":[{"cve":{"id":"CVE-2021-27290","sourceIdentifier":"cve@mitre.org","published":"2021-03-12T22:15:14.843","lastModified":"2024-11-21T05:57:45.503","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option."},{"lang":"es","value":"ssri versión 5.2.2-8.0.0, corregido en versión 8.0.1, procesa los SRI usando una expresión regular que es vulnerable a una denegación de servicio. Los SRI maliciosos pueden tardar mucho en procesarse, conllevando a una denegación del servicio. Este problema solo afecta a  consumidores que usan la opción estricta"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ssri_project:ssri:*:*:*:*:*:node.js:*:*","versionStartIncluding":"5.2.2","versionEndExcluding":"6.0.2","matchCriteriaId":"97535BF1-C00D-4D6C-A201-26593DA55635"},{"vulnerable":true,"criteria":"cpe:2.3:a:ssri_project:ssri:*:*:*:*:*:node.js:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"8.0.1","matchCriteriaId":"4AC74498-E825-4FA7-A724-192949C07FA8"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:graalvm:20.3.3:*:*:*:enterprise:*:*:*","matchCriteriaId":"53B2BB06-A2F7-4603-89C3-C8500E55483A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:graalvm:21.2.0:*:*:*:enterprise:*:*:*","matchCriteriaId":"01E88C86-8C04-4A4A-BF45-9082AA783056"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.1.1","matchCriteriaId":"B0F46497-4AB0-49A7-9453-CC26837BF253"}]}]}],"references":[{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://doyensec.com/resources/Doyensec_Advisory_ssri_redos.pdf","source":"cve@mitre.org","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://github.com/yetingli/SaveResults/blob/main/pdf/ssri-redos.pdf","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://npmjs.com","source":"cve@mitre.org","tags":["Product"]},{"url":"https://www.oracle.com/security-alerts/cpuoct2021.html","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://doyensec.com/resources/Doyensec_Advisory_ssri_redos.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://github.com/yetingli/SaveResults/blob/main/pdf/ssri-redos.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://npmjs.com","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]},{"url":"https://www.oracle.com/security-alerts/cpuoct2021.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}}]}