Css-What Project: >> Css-What Security Vulnerabilities
The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expression in the re_attr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function.
CVSS Score
5.3
EPSS Score
0.002
Published
2022-09-30
The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-05-28