CVE-2022-25758

Опубликовано: 01 июл. 2022

Источник: debian

EPSS Низкий

Описание

All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation() function, due to the usage of insecure regex.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
node-scss-tokenizer	itp			package

EPSS

Процентиль: 65%

0.00493

Низкий

Связанные уязвимости

CVE-2022-25758

CVSS3: 5.3

ubuntu

больше 3 лет назад

All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation() function, due to the usage of insecure regex.

CVE-2022-25758

CVSS3: 5.3

redhat

больше 3 лет назад

All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation() function, due to the usage of insecure regex.

CVE-2022-25758

CVSS3: 5.3

nvd

больше 3 лет назад

All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation() function, due to the usage of insecure regex.

GHSA-7mwh-4pqv-wmr8

CVSS3: 7.5

github

больше 3 лет назад

Regular expression denial of service in scss-tokenizer

EPSS

Процентиль: 65%

0.00493

Низкий