Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-7R3R-GQ8P-V9JJ
HistoryJun 23, 2022 - 5:48 p.m.

Improper handling of CSS at-rules in lettersanitizer

2022-06-2317:48:19
Google
osv.dev
10
denial of service
css at-rule
lettersanitizer
react-letter
patched
upgrade

EPSS

0.001

Percentile

46.6%

JSON

Impact

All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule @keyframes.

This package is depended on by react-letter, therefore everyone using react-letter is also at risk.

Patches

The problem has been patched in version 1.0.2.

Workarounds

There is no workaround besides upgrading.

References

The issue was originally reported in the react-letter repository: https://github.com/mat-sz/react-letter/issues/17

For more information

If you have any questions or comments about this advisory:

Related

prion 1
github 1
cnvd 1
osv 1
cvelist 1
cve 1
veracode 1
nvd 1
prion
prion
Denial of service
2022-06-27 23:15:00
github
github
Improper handling of CSS at-rules in lettersanitizer
2022-06-23 17:48:19
cnvd
cnvd
lettersanitizer denial of service vulnerability
2022-06-30 00:00:00
osv
osv
CVE-2022-31103
2022-06-27 23:15:08
cvelist
cvelist
CVE-2022-31103 Improper handling of CSS at-rules in lettersanitizer
2022-06-27 22:20:16
cve
cve
CVE-2022-31103
2022-06-27 23:15:08
veracode
veracode
Denial Of Service (DoS)
2022-06-28 09:48:03
nvd
nvd
CVE-2022-31103
2022-06-27 23:15:08

EPSS

0.001

Percentile

46.6%

JSON
Related for OSV:GHSA-7R3R-GQ8P-V9JJ
prion1github1cnvd1osv1cvelist1cve1veracode1nvd1