USN-6065-1: css-what vulnerabilities
10 May 2023
Several security issues were fixed in css-what.
- node-css-what - A CSS selector parser
It was discovered that css-what incorrectly handled certain inputs. If a user
or an automated system were tricked into opening a specially crafted input
file, a remote attacker could possibly use this issue to cause a denial of
service. (CVE-2021-33587, CVE-2022-21222)
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.