CVE-2022-25887

Опубликовано: 30 авг. 2022

Источник: debian

EPSS Низкий

Описание

The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
node-sanitize-html	fixed	2.7.1+~2.6.2-1		package

Примечания

https://github.com/apostrophecms/sanitize-html/commit/b4682c12fd30e12e82fa2d9b766de91d7d2cd23c (2.7.1)
https://github.com/apostrophecms/sanitize-html/pull/557
https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-2957526

EPSS

Процентиль: 46%

0.00231

Низкий

Связанные уязвимости

CVE-2022-25887

CVSS3: 5.3

ubuntu

больше 3 лет назад

The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal.

CVE-2022-25887

CVSS3: 5.3

redhat

больше 3 лет назад

The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal.

CVE-2022-25887

CVSS3: 5.3

nvd

больше 3 лет назад

The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal.

GHSA-cgfm-xwp7-2cvr

CVSS3: 7.5

github

больше 3 лет назад

Sanitize-html Vulnerable To REDoS Attacks

EPSS

Процентиль: 46%

0.00231

Низкий