CVE-2022-21222

Published: 30 September 2022

Versions of the css-what package before 2.1.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of an insecure regular expression in the re_attr variable of index.js. The vulnerability can be triggered via the parse function.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package                        Release    Status
node-css-what                  bionic     Needs triage
(Launchpad, Ubuntu, Debian)    focal      Needs triage
                               jammy      Needs triage
                               kinetic    Needs triage
                               trusty     Ignored (out of standard support)
                               upstream   Needs triage
                               xenial     Ignored (out of standard support)