High severity · NVD Advisory · Published Oct 31, 2022 · Updated Jun 1, 2025
CVE-2022-37620
Description
A Regular Expression Denial of Service (ReDoS) flaw was found in kangax html-minifier 4.0.0 because of the reCustomIgnore regular expression.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| html-minifier (npm) | <= 4.0.0 | — |
Affected products
- kangax/html-minifier (description)
- osv-coords (7 versions):

| Package URL | CPE | Range |
|---|---|---|
| pkg:apk/chainguard/jitsucom-jitsu | (no CPE) | < 2.8.4-r0 |
| pkg:apk/chainguard/jitsucom-jitsu-console | (no CPE) | < 2.8.4-r0 |
| pkg:apk/chainguard/jitsucom-jitsu-rotor | (no CPE) | < 2.8.4-r0 |
| pkg:apk/wolfi/jitsucom-jitsu | (no CPE) | < 2.8.4-r0 |
| pkg:apk/wolfi/jitsucom-jitsu-console | (no CPE) | < 2.8.4-r0 |
| pkg:apk/wolfi/jitsucom-jitsu-rotor | (no CPE) | < 2.8.4-r0 |
| pkg:npm/html-minifier | (no CPE) | <= 4.0.0 |
References
- github.com/advisories/GHSA-pfq8-rq6v-vf5m (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-37620 (ghsa, ADVISORY)
- github.com/kangax/html-minifier/blob/51ce10f4daedb1de483ffbcccecc41be1c873da2/src/htmlminifier.js (ghsa, WEB)
- github.com/kangax/html-minifier/issues/1135 (ghsa, WEB)
- security.snyk.io/vuln/SNYK-JS-HTMLMINIFIER-3091181 (ghsa, WEB)