Ubuntu Security Notice USN-6065-1

Ubuntu Security Notice 6065-1 - It was discovered that css-what incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.

Packet Storm
==========================================================================
Ubuntu Security Notice USN-6065-1
May 10, 2023

node-css-what vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 ESM
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM

Summary:

Several security issues were fixed in css-what.

Software Description:

- node-css-what: A CSS selector parser

Details:

It was discovered that css-what incorrectly handled certain inputs. If a user
or an automated system were tricked into opening a specially crafted input
file, a remote attacker could possibly use this issue to cause a denial of
service. (CVE-2021-33587, CVE-2022-21222)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 ESM:
   node-css-what                   3.2.1-1ubuntu0.1~esm1

Ubuntu 18.04 LTS:
   node-css-what                   2.1.0-1+deb10u1build0.18.04.1

Ubuntu 16.04 ESM:
   node-css-what                   2.1.0-1ubuntu0.16.04.1~esm1

In general, a standard system update will make all the necessary changes.

References:

   https://ubuntu.com/security/notices/USN-6065-1
   CVE-2021-33587, CVE-2022-21222

Package Information:

   https://launchpad.net/ubuntu/+source/node-css-what/2.1.0-1+deb10u1build0.18.04.1

Related news

GHSA-p28h-cc7q-c4fg: css-what vulnerable to ReDoS due to use of insecure regular expression

The package css-what before 2.1.3 is vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of an insecure regular expression in the `re_attr` variable of index.js. The exploitation of this vulnerability could be triggered via the parse function.

CVE-2022-21222: Snyk Vulnerability Database | Snyk

The package css-what before 2.1.3 is vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of an insecure regular expression in the `re_attr` variable of index.js. The exploitation of this vulnerability could be triggered via the parse function.

CVE-2021-33587: Release v5.0.1 · fb55/css-what

The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input.
