PT-2022-14933 · Css-What+2

Joe Portner · Published 2022-09-30 · Updated 2025-05-20 · CVE-2022-21222

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

css-what versions prior to 2.1.3

Description

The issue is related to a Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression in the re_attr variable of index.js. This could be triggered via the parse function.

Recommendations

For versions prior to 2.1.3, update to version 2.1.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the parse function until a patch is available. Avoid using the re_attr variable in the affected index.js file until the issue is resolved.

Exploit

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2022-21222
DLA-3350-1
GHSA-P28H-CC7Q-C4FG
USN-6065-1

Affected Products

Linuxmint
Ubuntu
Css-What