EPSS
Percentile
46.6%
lettersanitizer is vulnerable to denial of service. The vulnerability exists in the sanitizeHtml function in index.js as it does not properly handle css at-rules, allowing an attacker to crash the system via a malicious request.
sanitizeHtml
index.js
github.com/advisories/GHSA-7r3r-gq8p-v9jj
github.com/mat-sz/lettersanitizer/commit/96d3dfe2ef0465d47324ed4d13e91ba0816a173f
github.com/mat-sz/lettersanitizer/security/advisories/GHSA-7r3r-gq8p-v9jj
github.com/mat-sz/react-letter/issues/17