5 matches found
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 ESM : css-what vulnerabilities (USN-6065-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6065-1 advisory. It was discovered that css-what incorrectly handled certain inputs. If a user or an automated system were tricked into opening a...
Ubuntu: Security Advisory (USN-6065-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian dla-3350 : node-css-what - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3350 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3350-1 [email protected]...
08cms (=1.0.0), 1pif-to-keepass (=0.1.0) +6781 more potentially affected by CVE-2022-21222 via css-what (>=1.0.0 <=2.1.0)
css-what NPM version =1.0.0, =0.0.1, =0.1.0, =0.0.1, =0.0.0, =1.0.0, =1.0.1, =0.0.1, =2.0.0, =2.2.0 - @battlemidget/generator-nm =1.4.1 - @benzed/dev =0.9.0 and more Source cves: CVE-2022-21222 Source advisory: OSV:GHSA-P28H-CC7Q-C4FG...
CVE-2022-21222
The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service ReDoS due to the usage of insecure regular expression in the reattr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...