7.5
CVE-2021-27290
- EPSS 2.67%
- Veröffentlicht 12.03.2021 22:15:14
- Zuletzt bearbeitet 21.11.2024 05:57:45
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ssri Project ≫ Ssri SwPlatformnode.js Version >= 5.2.2 < 6.0.2
Ssri Project ≫ Ssri SwPlatformnode.js Version >= 7.0.0 < 8.0.1
Siemens ≫ Sinec Infrastructure Network Services Version < 1.0.1.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.67% | 0.853 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:P
|