CVE-2018-7651

low-risk

Published 2018-03-04

index.js in the ssri module before 5.2.2 for Node.js is prone to a regular expression denial of service vulnerability in strict mode functionality via a long base64 hash string.

Do I need to act?

0.38% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.9/10 Medium

NETWORK / HIGH complexity

Affected Products (1)

Ssri

Affected Vendors

Ssri Project

References (6)

Patch https://github.com/zkat/ssri/commit/d0ebcdc22cb5c8f47f89716d08b3518b2485d65d

Third Party Advisory https://github.com/zkat/ssri/issues/10

Third Party Advisory https://nodesecurity.io/advisories/565

Patch https://github.com/zkat/ssri/commit/d0ebcdc22cb5c8f47f89716d08b3518b2485d65d

Third Party Advisory https://github.com/zkat/ssri/issues/10

Third Party Advisory https://nodesecurity.io/advisories/565

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal