CVE-2022-21222

Published: 30/09/2022 Updated: 08/08/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

Versions of the package css-what prior to 2.1.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of an insecure regular expression in the re_attr variable of index.js. The vulnerability can be triggered via the parse function.

Vulnerable Product

css-what project css-what

Vendor Advisories

Debian Bug report logs - #1032188 node-css-what: CVE-2022-21222. Package: node-css-what; Maintainer for node-css-what is Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>; Source for node-css-what is src:node-css-what (PTS, buildd, popcon). Reported by: Bastien Roucariès <bastienroucaries@cyufr ...
Description: The MITRE CVE dictionary describes this issue as: The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expression in the re_attr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function ...