Description
Regular expression denial of service in scss-tokenizer
All versions of the package scss-tokenizer prior to 0.4.3 are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation() function, due to the usage of insecure regex.
References
- https://nvd.nist.gov/vuln/detail/CVE-2022-25758
- https://github.com/sasstools/scss-tokenizer/issues/45
- https://github.com/sasstools/scss-tokenizer/pull/49
- https://github.com/sasstools/scss-tokenizer/commit/a53b6f233e648cc01acbdd89c58786cf8ba56e35
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2936782
- https://snyk.io/vuln/SNYK-JS-SCSSTOKENIZER-2339884
Packages
scss-tokenizer: affected <= 0.4.2, fixed in 0.4.3
Related vulnerabilities
All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation() function, due to the usage of insecure regex.