7 matches found
EUVD-2022-7138
Malicious code in bioql PyPI...
USN-6065-1 node-css-what vulnerabilities
It was discovered that css-what incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. CVE-2021-33587, CVE-2022-21222...
08cms (=1.0.0), 1pif-to-keepass (=0.1.0) +6782 more potentially affected by CVE-2022-21222 via css-what (>=1.0.0 <=2.1.0)
css-what NPM version =1.0.0, =0.0.1, =0.1.0, =0.0.1, =0.0.0, =1.0.0, =1.0.1, =0.0.1, =2.0.0, =2.2.0 - @battlemidget/generator-nm =1.4.1 - @benzed/dev =0.9.0 and more Source cves: CVE-2022-21222 Source advisory: OSV:GHSA-P28H-CC7Q-C4FG...
UBUNTU-CVE-2022-21222
The package css-what before 2.1.3 is vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression in the re_attr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...
PT-2022-14933 · Css-What +2
Name of the Vulnerable Software and Affected Versions: css-what versions prior to 2.1.3
Description: The issue is related to a Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression in the re_attr variable of index.js. This could be triggered via the parse...
5ug-cli (>=1.0.72 <=1.4.0), @11ty/eleventy-plugin-syntaxhighlight (>=3.1.0 <=3.1.1) +174 more potentially affected by CVE-2021-33587 via css-what (=4.0.0)
css-what NPM version =4.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on css-what and may be impacted: - 5ug-cli =1.0.72, =3.1.0, =0.0.1, =0.4.0-next.8, =0.4.0-next.8, =0.4.0-next.8, =2.8.1, =2.7.6, =2.8.0, =1.0.0-alpha.0, =1.0.0, =2.8.1, =2.8.3 and...
DEBIAN-CVE-2021-33587
The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input...