Headline

GHSA-p28h-cc7q-c4fg: css-what vulnerable to ReDoS due to use of insecure regular expression

The package css-what before 2.1.3 is vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of insecure regular expression in the re_attr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function.

2 years ago

ghsa

Open in Source

#vulnerability #dos #js #git

css-what vulnerable to ReDoS due to use of insecure regular expression

High severity GitHub Reviewed Published Oct 1, 2022 • Updated Oct 4, 2022

Related news

Ubuntu Security Notice USN-6065-1

Ubuntu Security Notice 6065-1 - It was discovered that css-what incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.

1 year ago

Packet Storm

Open in Source

#vulnerability #ubuntu #dos

CVE-2022-21222: Snyk Vulnerability Database | Snyk

The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expression in the re_attr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function.

2 years ago

CVE

Open in Source

#vulnerability #mac #ddos #dos #js #git