CVE-2021-33587

CVE-2021-33587 affects the css-what package for Node.js (versions 4.0.0 through 5.0.0). The vulnerability arises from non-linear attribute parsing, which could lead to degraded performance or availability impacts as input size grows. The connected IBM/OSS references note a fixed release, with the...

CVE-2022-21222

CVE-2022-21222 affects the Node.js package css-what prior to version 2.1.3. The vulnerability stems from an insecure regular expression in the re_attr variable of index.js, enabling Regular Expression Denial of Service (ReDoS) via the parse function. Affected users should upgrade to 2.1.3 or newe...