Package: css-what
Version: 3.4.2
Description: a CSS selector parser
The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expression in the re_attr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function. Sonatype's research suggests that this CVE's details differ from those defined at NVD.
Package: css-what Version: 3.4.2 Description: a CSS selector parser
The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expression in the re_attr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function. Sonatype's research suggests that this CVE's details differ from those defined at NVD.
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H