CVE-2022-31103

Опубликовано: 27 июн. 2022

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule @keyframes. This package is depended on by react-letter, therefore everyone using react-letter is also at risk. The problem has been patched in version 1.0.2.

Ссылки

https://github.com/mat-sz/lettersanitizer/commit/96d3dfe2ef0465d47324ed4d13e91ba0816a173f
Patch
Third Party Advisory
https://github.com/mat-sz/lettersanitizer/security/advisories/GHSA-7r3r-gq8p-v9jj
Third Party Advisory
https://github.com/mat-sz/react-letter/issues/17
Issue Tracking
Third Party Advisory
https://github.com/mat-sz/lettersanitizer/commit/96d3dfe2ef0465d47324ed4d13e91ba0816a173f
Patch
Third Party Advisory
https://github.com/mat-sz/lettersanitizer/security/advisories/GHSA-7r3r-gq8p-v9jj
Third Party Advisory
https://github.com/mat-sz/react-letter/issues/17
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:lettersanitizer_project:lettersanitizer:*:*:*:*:*:node.js:*:*

Версия до 1.0.2 (исключая)

EPSS

Процентиль: 62%

0.00431

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-754

Связанные уязвимости

GHSA-7r3r-gq8p-v9jj