EPSS: 0.001 (Low)
Percentile: 46.8%
ssri is vulnerable to regular expression denial of service (ReDoS) attacks. If an application is using the opts.strict option, attackers can inject extremely long base64 hash strings to cause the application to hang.
github.com/zkat/ssri/pull/10
nodesecurity.io/advisories/565