Open kis opened 1 year ago
@tarunmangukiya @akandeBolaji @ladumorrajani @imzedi Hey team! Could you please bump the svgo dependency to a newer version and make a new release to fix this high-severity vulnerability found with Snyk? https://security.snyk.io/vuln/SNYK-JS-NTHCHECK-1586032
Introduced through @iconscout/unicons@4.0.8. Fixed in nth-check@2.0.1.
https://security.snyk.io/vuln/SNYK-JS-NTHCHECK-1586032

Detailed paths
Introduced through: sastrify-webapp@2.4.0 › @iconscout/unicons@4.0.8 › svgo@1.1.1 › css-select@2.1.0 › nth-check@1.0.2
Fix: No remediation path available.

Security information
Factors contributing to the scoring:
Snyk: CVSS 7.5 - High Severity
NVD: CVSS 7.5 - High Severity

Overview
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) when parsing crafted invalid CSS nth-checks, due to the sub-pattern \s*(?:([+-]?)\s*(\d+))? in RE_NTH_ELEMENT with quantified overlapping adjacency.
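The advisory above blames a quantified, overlapping sub-pattern in the regex nth-check used to parse the An+B micro-syntax. As an added example that is not nth-check's own code, here is one way to remove that hazard: a hand-written, single-pass parser that reads each character exactly once, so its running time is linear in the input length no matter how the input is shaped. The grammar details (where whitespace is tolerated, lowercase "n" only after folding case) are my own assumptions, not a claim about what the library accepts.

```javascript
// Added example, not nth-check's code: linear-time parser for "An+B" formulas
// such as "2n+1", "-n + 3", "odd", "even" or a plain index "3".
// Returns [a, b] on success or null for invalid input; never backtracks.
function parseNth(formula) {
  const s = formula.trim().toLowerCase();
  if (s === "even") return [2, 0];
  if (s === "odd") return [2, 1];
  const n = s.length;
  let i = 0;
  const skipWs = () => { while (i < n && (s[i] === " " || s[i] === "\t")) i++; };
  const readSign = () => (i < n && (s[i] === "+" || s[i] === "-")) ? (s[i++] === "-" ? -1 : 1) : 1;
  const readDigits = () => {            // consume a digit run, null if none
    const start = i;
    while (i < n && s[i] >= "0" && s[i] <= "9") i++;
    return i > start ? parseInt(s.slice(start, i), 10) : null;
  };
  let a = 0, b = 0;
  const sign = readSign();
  const digits = readDigits();
  if (i < n && s[i] === "n") {          // "An" part present
    i++;
    a = sign * (digits === null ? 1 : digits);   // "n" and "-n" mean 1 and -1
    skipWs();
    if (i < n && (s[i] === "+" || s[i] === "-")) {   // optional "+B" / "-B"
      const bSign = s[i++] === "-" ? -1 : 1;
      skipWs();
      const bDigits = readDigits();
      if (bDigits === null) return null;          // operator without a number
      b = bSign * bDigits;
    }
  } else {                              // no "n": the whole formula is B
    if (digits === null) return null;
    b = sign * digits;
  }
  skipWs();
  return i === n ? [a, b] : null;       // anything left over is invalid
}

// Does the 1-based position `index` satisfy the parsed [a, b] formula?
function nthMatches(ab, index) {
  const [a, b] = ab;
  if (a === 0) return index === b;
  const k = (index - b) / a;            // need a non-negative integer k
  return Number.isInteger(k) && k >= 0;
}
```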