Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Css\-What
(Css\-What_project)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 2 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2021-05-28 | CVE-2021-33587 | The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input. | Css\-What, E\-Series_performance_analyzer | 7.5 | ||
2022-09-30 | CVE-2022-21222 | The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expression in the re_attr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function. | Css\-What | 7.5 |