Headline
GHSA-7mwh-4pqv-wmr8: Regular expression denial of service in scss-tokenizer
All versions of the scss-tokenizer package are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation() function, which uses an insecure regular expression.
Moderate severity • GitHub Reviewed • Published Jul 2, 2022 • Updated Jul 6, 2022
Package
scss-tokenizer (npm)
Affected versions
<= 0.4.2
Description
Related news
CVE-2022-25758: Regular Expression Denial of Service (ReDoS) in org.webjars.npm:scss-tokenizer | CVE-2022-25758 | Snyk