npm package
css-what
pkg:npm/css-what
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-21222 | — | < 2.1.3 | 2.1.3 | Sep 30, 2022 | The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expression in the re_attr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function. | ||
| CVE-2021-33587 | — | >= 4.0.0, < 5.0.1 | 5.0.1 | May 28, 2021 | The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input. |
- CVE-2022-21222Sep 30, 2022affected < 2.1.3fixed 2.1.3
The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expression in the re_attr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function.
- CVE-2021-33587May 28, 2021affected >= 4.0.0, < 5.0.1fixed 5.0.1
The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input.