7 matches found
Inefficient Regular Expression Complexity in clean-css/clean-css
✍️ Description It allows cause a denial of service when calling function isDataUriResource. 🕵️♂️ Proof of Concept // PoC.js var isDataUriResource = require"clean-css/lib/utils/is-data-uri-resource" forvar i = 1; i = 50000; i++ var time = Date.now; var attackstr = 'data:' +...
The vulnerability of the clean-css application software library at Avora Center, related to uncontrolled resource consumption, allows attackers to cause service failures.
The vulnerability of the clean-css application software of Aurora Center relates to an uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service failures by using a specially crafted regular expression...
0303-lb3-paket (=1.0.1), 04_nodeblog (=1.0.0) +8446 more potentially affected by unknown CVE via clean-css (>=0.10.0 <=4.1.1)
clean-css NPM version =0.10.0, =0.0.1, =3.1.4, =1.0.3, =3.1.6, =1.0.1, =1.0.0, =1.0.0, =0.1.1, =0.1.2 and more Source cves: unknown CVE Source advisory: OSV:GHSA-WXHQ-PM8V-CW75...
Regular Expression Denial of Service in clean-css
Version of clean-css prior to 4.1.11 are vulnerable to Regular Expression Denial of Service ReDoS. Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service. Recommendation Upgrade to...
GHSA-WXHQ-PM8V-CW75 Regular Expression Denial of Service in clean-css
Version of clean-css prior to 4.1.11 are vulnerable to Regular Expression Denial of Service ReDoS. Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service. Recommendation Upgrade to...
Regular Expression Denial of Service
Overview Version of clean-css prior to 4.1.11 are vulnerable to Regular Expression Denial of Service ReDoS. Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service. Recommendation Upgrad...
Regular Expression Denial Of Service (ReDoS)
clean-css is vulnerable to regular expression denial of service ReDoS attacks. The vulnerability exists due to the use of a vulnerable regex pattern where using it to match a malicious string could result in a ReDoS attack...