Lucene search
K

9 matches found

Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.20 views

RHEL 8 : nodejs-css-what (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-css-what: does not ensure that attribute parsing has linear time complexity relative to the size of the inpu...

7.3AI score0.02267EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/05/13 12:0 a.m.30 views

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 ESM : css-what vulnerabilities (USN-6065-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6065-1 advisory. It was discovered that css-what incorrectly handled certain inputs. If a user or an automated system were tricked into opening a...

7.5CVSS7.6AI score0.02267EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2023/05/11 12:0 a.m.24 views

Ubuntu: Security Advisory (USN-6065-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.02267EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/03/03 12:0 a.m.26 views

Debian dla-3350 : node-css-what - security update

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3350 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3350-1 [email protected]...

7.5CVSS7.4AI score0.02267EPSS
Exploits1References6
Node.js
Node.js
added 2021/06/07 10:13 p.m.69 views

Denial of Service

Overview css-what from version 4.0.0 and before version 5.0.1 does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input. Recommendation Upgrade to version 5.0.1 or later References - CVE - GitHub Advisory...

5CVSS5.2AI score0.02267EPSS
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2021/06/07 10:11 p.m.6 views

5ug-cli (>=1.0.72 <=1.4.0), @11ty/eleventy-plugin-syntaxhighlight (>=3.1.0 <=3.1.1) +172 more potentially affected by CVE-2021-33587 via css-what (=4.0.0)

css-what NPM version =4.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on css-what and may be impacted: - 5ug-cli =1.0.72, =3.1.0, =0.0.1, =0.4.0-next.8, =0.4.0-next.8, =0.4.0-next.8, =2.8.1, =2.7.6, =2.8.0, =1.0.0-alpha.0, =1.0.0, =2.8.1, =2.8.3 and...

7.5CVSS7.1AI score0.02267EPSS
Exploits0
OSV
OSV
added 2021/05/28 8:15 p.m.6 views

UBUNTU-CVE-2021-33587

The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input...

7.5CVSS7.2AI score0.02267EPSS
Exploits0References4
CVE
CVE
added 2021/05/28 12:0 a.m.168 views

CVE-2021-33587

CVE-2021-33587 affects the css-what package for Node.js (versions 4.0.0 through 5.0.0). The vulnerability arises from non-linear attribute parsing, which could lead to degraded performance or availability impacts as input size grows. The connected IBM/OSS references note a fixed release, with the...

7.5CVSS7.3AI score0.02267EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2021/05/28 12:0 a.m.33 views

CVE-2021-33587

The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input...

7.5CVSS7.7AI score0.02267EPSS
Exploits0
Rows per page
Query Builder