First published: Sun Mar 04 2018
index.js in the ssri module before 5.2.2 for Node.js is prone to a regular expression denial of service vulnerability in strict mode functionality via a long base64 hash string.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Ssri Project Ssri | <5.2.2 | |
CVE-2018-7651 is a vulnerability in the ssri module for Node.js that allows for a regular expression denial of service attack.
If you are using a version of the ssri module for Node.js earlier than 5.2.2, you are vulnerable to a denial of service attack.
CVE-2018-7651 has a severity rating of 5.9 (medium).
To fix CVE-2018-7651, upgrade to ssri module version 5.2.2 or later.
You can find more information about CVE-2018-7651 in the references provided: [link 1](https://github.com/zkat/ssri/commit/d0ebcdc22cb5c8f47f89716d08b3518b2485d65d), [link 2](https://github.com/zkat/ssri/issues/10), [link 3](https://nodesecurity.io/advisories/565).
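
To check whether a project resolves an affected ssri release, directly or as a transitive dependency, the following added example (not code from the ssri project or from this advisory) scans a parsed `package-lock.json`. The function names and the sample lockfile are constructed for illustration; the layouts assumed are npm's nested `dependencies` tree (lockfileVersion 1) and flat `packages` map (lockfileVersion 2 and 3).

```javascript
// Added example: flag ssri installs older than 5.2.2 in a parsed package-lock.json.
const FIXED = [5, 2, 2]; // first fixed release, per the advisory

// Parse "major.minor.patch" (ignoring any prerelease/build suffix) into numbers.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return true; // unparseable (e.g. git URL): report it for manual review
  for (let i = 0; i < 3; i++) {
    if (v[i] !== FIXED[i]) return v[i] < FIXED[i];
  }
  return false; // exactly 5.2.2
}

// Returns [{ path, version }] for every affected ssri copy, direct or transitive.
function findAffectedSsri(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/ssri$/.test(path) && isAffected(pkg.version)) {
      hits.push({ path, version: pkg.version });
    }
  }
  if (lock.packages) return hits;
  // lockfileVersion 1: nested "dependencies" tree.
  (function walk(deps, prefix) {
    for (const [name, dep] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === 'ssri' && isAffected(dep.version)) hits.push({ path, version: dep.version });
      walk(dep.dependencies, `${path}/`);
    }
  })(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfile (not from a real project).
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    ssri: { version: '5.2.4' },
    cacache: { version: '10.0.0', dependencies: { ssri: { version: '5.0.0' } } },
  },
};
console.log(findAffectedSsri(sampleLock));
```

In a real project, pass the result of `JSON.parse` on the lockfile contents instead of `sampleLock`; a nested hit means the parent package needs updating as well.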