GHSA-wxhq-pm8v-cw75 – clean-css
Package
Manager: npm
Name: clean-css
Vulnerable Version: >=0 <4.1.11
Severity
Level: Low
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:R
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
EPSS: N/A (percentile: N/A)
Details
Regular Expression Denial of Service in clean-css

Versions of `clean-css` prior to 4.1.11 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to become unresponsive, leading to Denial of Service.

## Recommendation

Upgrade to version 4.1.11 or higher.
Metadata
Created: 2019-06-05T20:50:16Z
Modified: 2020-08-31T18:35:40Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/06/GHSA-wxhq-pm8v-cw75/GHSA-wxhq-pm8v-cw75.json
CWE IDs: ["CWE-1333"]
Alternative ID: N/A
Finding: F211
Auto approve: 1