Published: 31 Oct 2022
Source: github
Github: Reviewed
CVSS4: 8.7
CVSS3: 7.5
Description
kangax html-minifier REDoS vulnerability
A Regular Expression Denial of Service (ReDoS) flaw was found in kangax html-minifier 4.0.0 because of the reCustomIgnore regular expression.
References
- https://nvd.nist.gov/vuln/detail/CVE-2022-37620
- https://github.com/kangax/html-minifier/issues/1135
- https://github.com/kangax/html-minifier/blob/51ce10f4daedb1de483ffbcccecc41be1c873da2/src/htmlminifier.js#L1338
- https://github.com/kangax/html-minifier/blob/51ce10f4daedb1de483ffbcccecc41be1c873da2/src/htmlminifier.js#L294
- https://security.snyk.io/vuln/SNYK-JS-HTMLMINIFIER-3091181
Packages
Name: html-minifier (npm)
Affected versions: <= 4.0.0
Fixed version: None
EPSS
Percentile: 65%
0.00482
Low
8.7 High
CVSS4
7.5 High
CVSS3
CVE ID
Weaknesses
CWE-1333
CWE-400
Related vulnerabilities
CVSS3: 7.5
nvd
more than 3 years ago
A Regular Expression Denial of Service (ReDoS) flaw was found in kangax html-minifier 4.0.0 because of the reCustomIgnore regular expression.
CVSS3: 7.5
debian
more than 3 years ago
A Regular Expression Denial of Service (ReDoS) flaw was found in kanga ...