exploitDog

CVE-2022-37620

Опубликовано: 31 окт. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

A Regular Expression Denial of Service (ReDoS) flaw was found in kangax html-minifier 4.0.0 because of the reCustomIgnore regular expression.

Ссылки

https://github.com/kangax/html-minifier/blob/51ce10f4daedb1de483ffbcccecc41be1c873da2/src/htmlminifier.js#L1338
Product
https://github.com/kangax/html-minifier/blob/51ce10f4daedb1de483ffbcccecc41be1c873da2/src/htmlminifier.js#L294
Product
https://github.com/kangax/html-minifier/issues/1135
Issue Tracking
Mitigation
Third Party Advisory
https://security.snyk.io/vuln/SNYK-JS-HTMLMINIFIER-3091181
https://github.com/kangax/html-minifier/blob/51ce10f4daedb1de483ffbcccecc41be1c873da2/src/htmlminifier.js#L1338
Product
https://github.com/kangax/html-minifier/blob/51ce10f4daedb1de483ffbcccecc41be1c873da2/src/htmlminifier.js#L294
Product
https://github.com/kangax/html-minifier/issues/1135
Issue Tracking
Mitigation
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:terser:html-minifier-terser:*:*:*:*:*:node.js:*:*

Версия до 7.2.0 (включая)

Конфигурация 2

cpe:2.3:a:kangax:html-minifier:*:*:*:*:*:node.js:*:*

Версия до 4.0.0 (включая)

EPSS

Процентиль: 65%

0.00482

Низкий

7.5 High

CVSS3

Дефекты

CWE-1333

CWE-1333

Связанные уязвимости

CVE-2022-37620

CVSS3: 7.5

debian

больше 3 лет назад

A Regular Expression Denial of Service (ReDoS) flaw was found in kanga ...

GHSA-pfq8-rq6v-vf5m

CVSS3: 7.5

github

больше 3 лет назад

kangax html-minifier REDoS vulnerability

EPSS

Процентиль: 65%

0.00482

Низкий

7.5 High

CVSS3

Дефекты

CWE-1333

CWE-1333