17 matches found
EUVD-2022-6284
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-25758
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation function, due to the usage of insecur...
RHEL 8 : grafana (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - nodejs-underscore: Arbitrary code execution via the template function CVE-2021-23358 - node-fetch is...
Security Bulletin: Open Source Dependency Vulnerability
Summary: IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details: CVEID: CVE-2022-25758 DESCRIPTION: Node.js scss-tokenizer module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) vulnerability in the loadAnnotation function....
CVE-2022-25758
A flaw was found in the scss-tokenizer package. Affected versions of this package are vulnerable to regular expression denial of service (ReDoS) attacks...
Regular Expression Denial Of Service (ReDoS)
scss-tokenizer is vulnerable to regular expression denial of service. The vulnerability exists in the loadAnnotation function of previous-map.js due to the insecure regex pattern used in the match attribute, allowing an attacker to crash the application by providing malicious input...
GHSA-7MWH-4PQV-WMR8 Regular expression denial of service in scss-tokenizer
All versions of the package scss-tokenizer prior to 0.4.3 are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation function, due to the usage of insecure regex...
CVE-2022-25758
All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation function, due to the usage of insecure regex...
UBUNTU-CVE-2022-25758
All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation function, due to the usage of insecure regex...
CVE-2022-25758
All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation function, due to the usage of insecure regex...
CVE-2022-25758 Regular Expression Denial of Service (ReDoS)
All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation function, due to the usage of insecure regex...
CVE-2022-25758
CVE-2022-25758 affects the scss-tokenizer package: every version is vulnerable to a ReDoS via loadAnnotation() caused by insecure regex. Exploitation is described as remote, enabling Denial of Service. Remediation is to upgrade IBM WebMethods Cloud Pak System components to supported versions; IBM...
CVE-2022-25758
All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation function, due to the usage of insecure regex...
PT-2022-17493 · Unknown · Scss-Tokenizer
Name of the Vulnerable Software and Affected Versions: scss-tokenizer versions prior to 0.4.3. Description: The issue is related to a Regular Expression Denial of Service (ReDoS) in the scss-tokenizer package. This occurs via the loadAnnotation function due to the usage of insecure regex...
scss-tokenizer security vulnerability
scss-tokenizer is an open source tokenizer for the Sass SCSS syntax from Sass Tools. scss-tokenizer has a security vulnerability that stems from the use of insecure regular expressions; all versions of the package scss-tokenizer are susceptible to regular expression denial of service (ReD...
-tompan-reacttemplate (>=1.0.1 <=1.1.0), 08cms (=1.0.0) +17676 more potentially affected by CVE-2022-25758 via scss-tokenizer (>=0.1.2 <=0.4.2)
scss-tokenizer NPM version =0.1.2, =1.0.1, =1.0.4, =1.0.3, =0.2.0, =0.0.1, =0.1.0, =0.1.0, =0.1.276 - 5coder-pages =0.2.0 and more Source cves: CVE-2022-25758 Source advisory: SNYK:JS-SCSSTOKENIZER-2339884...
Regular Expression Denial of Service (ReDoS)
Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation function, due to the usage of insecure regex. PoC js var scss = require"scss-tokenizer" function buildattackn var ret = "a" for var i = 0; i n; i++ ret += "/...