Iconscout / unicons

Unicons by IconScout offers 7,000+ free 3D and animated icons plus icon fonts in line, monochrome, solid and thin line styles. Use them in your web, iOS or Android design projects.
https://iconscout.com/unicons

High severity vulnerability in nth-check - Regular Expression Denial of Service (ReDoS) #204

Open kis opened 1 year ago

kis commented 1 year ago

Introduced through: @iconscout/unicons@4.0.8
Fixed in: nth-check@2.0.1

https://security.snyk.io/vuln/SNYK-JS-NTHCHECK-1586032

Detailed paths
Introduced through: sastrify-webapp@2.4.0 › @iconscout/unicons@4.0.8 › svgo@1.1.1 › css-select@2.1.0 › nth-check@1.0.2
Fix: No remediation path available.

Security information
Factors contributing to the scoring:
Snyk: CVSS 7.5 - High Severity
NVD: CVSS 7.5 - High Severity

Overview
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) when parsing crafted invalid CSS nth-checks, due to the sub-pattern `\s*(?:([+-]?)\s*(\d+))?` in `RE_NTH_ELEMENT` with quantified overlapping adjacency.
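To make the advisory text concrete, here is an added example (not code from this repo, from svgo or from nth-check): the `RE_NTH_ELEMENT` pattern quoted above, wrapped in a `parse` routine modelled on how nth-check 1.x used it, beside a single-pass parser that accepts the same grammar without any backtracking. The function names `parseNthRegex`, `parseNthLinear`, `craftedInput` and `timeParse`, the surrounding logic, and the shape of the crafted input are this example's own assumptions; the advisory does not publish a proof of concept.

```javascript
// Added example, not nth-check's or unicons' code. The regex is the one quoted in
// the Snyk advisory; everything around it is an assumption for illustration.

// "\s*" followed by an optional group that opens with another "\s*": a run of
// n spaces can be split between the two quantifiers in n ways, and every split
// is retried when the trailing "$" fails, so a rejected input costs ~n^2 steps.
const RE_NTH_ELEMENT = /^([+-]?\d*n)?\s*(?:([+-]?)\s*(\d+))?$/;

function parseNthRegex(formula) {
  const s = formula.trim().toLowerCase();
  if (s === "even") return [2, 0];
  if (s === "odd") return [2, 1];
  const m = s.match(RE_NTH_ELEMENT); // backtracks heavily on crafted input
  if (!m) throw new SyntaxError(`n-th rule couldn't be parsed ('${formula}')`);
  let a = 0;
  if (m[1]) {
    a = parseInt(m[1], 10); // "2n" -> 2; "n" / "-n" -> NaN, handled below
    if (Number.isNaN(a)) a = m[1].charAt(0) === "-" ? -1 : 1;
  }
  const b = m[3] ? parseInt((m[2] || "") + m[3], 10) : 0;
  return [a, b];
}

// Linear-time replacement: one left-to-right pass, no regex. Same grammar:
// optional "[+-]?digits*n", optional whitespace, optional signed integer with
// whitespace allowed after its sign. Anything else is rejected.
function parseNthLinear(formula) {
  const s = formula.trim().toLowerCase();
  if (s === "even") return [2, 0];
  if (s === "odd") return [2, 1];
  const n = s.length;
  let i = 0;
  const isDigit = (c) => c >= "0" && c <= "9";
  const isSpace = (c) => c !== undefined && /\s/.test(c); // single char, no backtracking
  const fail = () => { throw new SyntaxError(`n-th rule couldn't be parsed ('${formula}')`); };

  // Coefficient term: sign? digits* 'n'. Look ahead for the 'n' first, because a
  // bare signed number such as "+3" belongs to the offset term instead.
  let a = 0;
  let j = i;
  if (s[j] === "+" || s[j] === "-") j++;
  let k = j;
  while (k < n && isDigit(s[k])) k++;
  if (s[k] === "n") {
    const mag = k === j ? 1 : parseInt(s.slice(j, k), 10);
    a = s[i] === "-" ? -mag : mag;
    i = k + 1;
  }

  while (isSpace(s[i])) i++;

  // Offset term: sign? whitespace* digits+.
  let b = 0;
  if (i < n) {
    let neg = false;
    if (s[i] === "+" || s[i] === "-") { neg = s[i] === "-"; i++; }
    while (isSpace(s[i])) i++;
    const start = i;
    while (i < n && isDigit(s[i])) i++;
    if (i === start) fail();
    b = parseInt(s.slice(start, i), 10);
    if (neg) b = -b;
  }
  if (i !== n) fail(); // trailing garbage
  return [a, b];
}

// Constructed attacker input (assumed shape): a valid-looking prefix, a long
// whitespace run the two "\s*" quantifiers must share, and a final byte that
// makes "$" fail so every possible split is retried.
function craftedInput(spaces) {
  return "2n" + " ".repeat(spaces) + "!";
}

// Wall-clock cost of one parse attempt in milliseconds. Both parsers reject the
// crafted input; the difference is how long they take to say so.
function timeParse(parse, input) {
  const t0 = process.hrtime.bigint();
  try { parse(input); } catch (e) { /* rejection is the expected outcome */ }
  return Number(process.hrtime.bigint() - t0) / 1e6;
}

if (typeof require !== "undefined" && require.main === module) {
  for (const len of [500, 2000, 8000]) {
    const input = craftedInput(len);
    console.log(`${len} spaces: regex ${timeParse(parseNthRegex, input).toFixed(1)} ms, ` +
                `linear ${timeParse(parseNthLinear, input).toFixed(2)} ms`);
  }
}
```

Running it shows the regex parser's rejection time growing roughly fourfold each time the whitespace run doubles, while the single-pass parser stays flat. For a consumer like this repo the practical remedy is still the one requested in this issue, moving to an svgo release whose css-select pulls in a fixed nth-check, rather than patching the regex by hand in a transitive dependency.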

kis commented 1 year ago

@tarunmangukiya @akandeBolaji @ladumorrajani @imzedi Hey team! Could you please bump the svgo dependency to a newer version and make a new release to fix this high severity vulnerability found with Snyk? https://security.snyk.io/vuln/SNYK-JS-NTHCHECK-1586032