Headline
CVE-2021-33587: Release v5.0.1 · fb55/css-what
The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input.
Compare
Choose a tag to compare
Loading
· 148 commits to master since this release
v5.0.1
e9106aa
Compare
Choose a tag to compare
Loading
Fixes:
- Hand-roll attribute parsing (#503) 4cdaacf
- Attribute values are slightly more permissive now. Ensures attribute parsing will always be linear.
v5.0.0…v5.0.1