GHSA-wxhq-pm8v-cw75

Опубликовано: 05 июн. 2019

Источник: github

Github: Прошло ревью

Описание

Regular Expression Denial of Service in clean-css

Version of clean-css prior to 4.1.11 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service.

Recommendation

Upgrade to version 4.1.11 or higher.

Ссылки

https://github.com/jakubpawlowicz/clean-css/commit/2929bafbf8cdf7dccb24e0949c70833764fa87e3
https://www.npmjs.com/advisories/785

Пакеты

Наименование

clean-css

npm

Затронутые версииВерсия исправления

< 4.1.11

4.1.11

Дефекты

CWE-1333

Дефекты

CWE-1333