Описание
Denial of service in css-what
The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2021-33587
- https://github.com/fb55/css-what/commit/4cdaacfd0d4b6fd00614be030da0dea6c2994655
- https://github.com/fb55/css-what/releases/tag/v5.0.1
- https://lists.debian.org/debian-lts-announce/2023/03/msg00001.html
- https://security.netapp.com/advisory/ntap-20210706-0007
Пакеты
css-what
>= 4.0.0, <= 5.0.0
5.0.1
Связанные уязвимости
The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input.
The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input.
The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input.
The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure t ...
Уязвимость анализатора селекторов CSS Node-css-what, связанная с использованием памяти после освобождения, позволяющая нарушителю вызвать отказ в обслуживании