Skip to main content

Css What

2 CVEs product

Monthly

CVE-2022-21222 npm HIGH POC PATCH This Week

The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expression in the re_attr variable of index.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Css What
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-33587 npm HIGH PATCH This Week

The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Information Disclosure Css What E Series Performance Analyzer
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expression in the re_attr variable of index.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Css What
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Information Disclosure Css What +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy