Alert IDs:
- b3661e51-6c6b-419b-8ef0-088b42feb83e
- e76eb061-170e-4cf3-8fb5-171c7c2ac305
Vulnerabilities in css-what
Release: 21st May Release
Total Vulnerabilities: 2
Severity: HIGH (Score: 7.5)
Description:
The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-33587
Alert ID: b3661e51-6c6b-419b-8ef0-088b42feb83e
Severity: HIGH (Score: 5.9)
Description:
The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expression in the re_attr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-21222
Alert ID: e76eb061-170e-4cf3-8fb5-171c7c2ac305
Alert IDs:
Vulnerabilities in css-what
Release: 21st May Release
Total Vulnerabilities: 2
1. CVE-2021-33587
Severity: HIGH (Score: 7.5)
Description:
The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-33587
Alert ID: b3661e51-6c6b-419b-8ef0-088b42feb83e
2. CVE-2022-21222
Severity: HIGH (Score: 5.9)
Description:
The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expression in the re_attr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-21222
Alert ID: e76eb061-170e-4cf3-8fb5-171c7c2ac305