CVE-2022-25758

Опубликовано: 01 июл. 2022

Источник: ubuntu

Приоритет: low

CVSS2: 5

CVSS3: 5.3

Описание

All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation() function, due to the usage of insecure regex.

Релиз	Статус	Примечание
bionic	DNE
devel	needs-triage
esm-apps/focal	needs-triage
esm-apps/jammy	needs-triage
esm-apps/noble	needs-triage
focal	ignored	end of standard support, was needs-triage
impish	ignored	end of life
jammy	needs-triage
kinetic	ignored	end of life, was needs-triage
lunar	ignored	end of life, was needs-triage

Показывать по

Ссылки на источники

5 Medium

CVSS2

5.3 Medium

CVSS3

Связанные уязвимости

CVE-2022-25758

CVSS3: 5.3

redhat

больше 3 лет назад

All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation() function, due to the usage of insecure regex.

CVE-2022-25758

CVSS3: 5.3

nvd

больше 3 лет назад

All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation() function, due to the usage of insecure regex.

CVE-2022-25758

CVSS3: 5.3

debian

больше 3 лет назад

All versions of package scss-tokenizer are vulnerable to Regular Expre ...

GHSA-7mwh-4pqv-wmr8

CVSS3: 7.5

github

больше 3 лет назад

Regular expression denial of service in scss-tokenizer

5 Medium

CVSS2

5.3 Medium

CVSS3

CVE-2022-25758

Описание

Пакет node-node-sass

Ссылки на источники

Связанные уязвимости