ssri is vulnerable to regular expression denial of service. An attacker is able to crash the application by submitting a malicious string when the Integrity metadata is using the strict option. This results in a long processing time which would lead to the application crash.