CVE-2023-24038

🗓️ 21 Jan 2023 00:00:00Reported by mitreType

The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes

Reporter	Title	Published	Views	Family All 33
CNNVD	perl-html-stripscripts 安全漏洞	21 Jan 202300:00	–	cnnvd
Cvelist	CVE-2023-24038	21 Jan 202300:00	–	cvelist
Debian	[SECURITY] [DLA 3296-1] libhtml-stripscripts-perl security update	30 Jan 202321:34	–	debian
Debian	[SECURITY] [DSA 5339-1] libhtml-stripscripts-perl security update	5 Feb 202315:43	–	debian
Debian CVE	CVE-2023-24038	21 Jan 202300:00	–	debiancve
Tenable Nessus	Debian dla-3296 : libhtml-stripscripts-perl - security update	31 Jan 202300:00	–	nessus
Tenable Nessus	Debian DSA-5339-1 : libhtml-stripscripts-perl - security update	5 Feb 202300:00	–	nessus
Tenable Nessus	Fedora 37 : perl-HTML-StripScripts (2023-6f16e3bcee)	16 Jun 202300:00	–	nessus
Tenable Nessus	Fedora 38 : perl-HTML-StripScripts (2023-a42aa9700f)	16 Jun 202300:00	–	nessus
Tenable Nessus	Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : HTML::StripScripts vulnerability (USN-6100-1)	24 May 202300:00	–	nessus

NVD

Node

html-stripscripts_project html-stripscriptsRange≤1.06

Node

debian debian_linuxMatch10.0

Source	Link
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ASDRHN2MLGL2HGBUNDZG4YLUWW6NSUKD/
github	www.github.com/clintongormley/perl-html-stripscripts/issues/3
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYD5PFRUUB4VVY52I5KA3RQ7SQOD7YM/
debian	www.debian.org/security/2023/dsa-5339
lists	www.lists.debian.org/debian-lts-announce/2023/01/msg00036.html

02 Apr 2025 16:15Current

7.3High risk

Vulners AI Score7.3

CVSS 3.17.5

EPSS0.00142

SSVC

CWE-1333