VYPR
High severityNVD Advisory· Published Jun 27, 2022· Updated Apr 23, 2025

Improper handling of CSS at-rules in lettersanitizer

CVE-2022-31103

Description

lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule @keyframes. This package is depended on by react-letter, therefore everyone using react-letter is also at risk. The problem has been patched in version 1.0.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
lettersanitizernpm
< 1.0.21.0.2

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.