mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-29 09:41:05 +00:00
870 B
870 B
CVE-2022-21222
&color=brighgreen)
Description
The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expression in the re_attr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function.
POC
Reference
- https://security.snyk.io/vuln/SNYK-JS-CSSWHAT-3035488
- https://security.snyk.io/vuln/SNYK-JS-CSSWHAT-3035488