PT-2021-4281 · Css-What+3
Published: 2021-05-28 · Updated: 2025-11-18
CVE-2021-33587
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
css-what versions 4.0.0 through 5.0.0
Description
The css-what package does not properly validate input size, which a remote attacker can exploit to cause a denial of service. The problem arises because the package does not ensure that attribute parsing has linear time complexity relative to the size of the input.
Recommendations
For versions 4.0.0 through 5.0.0, consider restricting the size of input data to prevent exploitation until a patch is available.
As a temporary workaround, consider implementing additional validation checks on input data to minimize the risk of denial of service.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Resource Exhaustion
Use After Free
Related Identifiers
Affected Products
Bitbucket
Linuxmint
Ubuntu
Css-What