Описание
The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input.
Ссылки
- PatchRelease NotesThird Party Advisory
- Third Party Advisory
- PatchRelease NotesThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Одно из
EPSS
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
Связанные уязвимости
The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input.
The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input.
The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure t ...
Уязвимость анализатора селекторов CSS Node-css-what, связанная с использованием памяти после освобождения, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
7.5 High
CVSS3
5 Medium
CVSS2