npm package
scss-tokenizer
pkg:npm/scss-tokenizer
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-25758 | — | < 0.4.3 | 0.4.3 | Jul 1, 2022 | All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation() function, due to the usage of insecure regex. |
- CVE-2022-25758Jul 1, 2022affected < 0.4.3fixed 0.4.3
All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation() function, due to the usage of insecure regex.