PT-2019-20078 · Clean-Css · Clean-Css
Published 2019-06-05 · Updated 2019-06-05
Severity: None. No severity ratings or metrics are available.
Name of the Vulnerable Software and Affected Versions
clean-css versions prior to 4.1.11
Description
The issue is related to Regular Expression Denial of Service (ReDoS) in the clean-css library. Untrusted input may cause catastrophic backtracking while matching regular expressions, leading to the application becoming unresponsive and resulting in a Denial of Service.
Recommendations
Upgrade to version 4.1.11 or higher.
DoS
Affected Products
Clean-Css