
GHSA-7mwh-4pqv-wmr8: Regular expression denial of service in scss-tokenizer

All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation() function, due to the usage of insecure regex.

CVE ID: CVE-2022-25758

Regular expression denial of service in scss-tokenizer

Moderate severity • GitHub Reviewed • Published Jul 2, 2022 • Updated Jul 6, 2022


Package: scss-tokenizer (npm)

Affected versions: <= 0.4.2

Description

Related news

CVE-2022-25758: Regular Expression Denial of Service (ReDoS) in org.webjars.npm:scss-tokenizer | CVE-2022-25758 | Snyk
