Version of clean-css prior to 4.1.11 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service.
WS-2019-0017 - Medium Severity Vulnerability
A well-tested CSS minifier
Library home page: https://registry.npmjs.org/clean-css/-/clean-css-4.1.9.tgz
Path to dependency file: /Turismo-Torrevieja/package.json
Path to vulnerable library: /tmp/git/Turismo-Torrevieja/node_modules/clean-css/package.json
Dependency Hierarchy: - cli-1.6.1.tgz (Root Library) - html-webpack-plugin-2.30.1.tgz - html-minifier-3.5.7.tgz - :x: **clean-css-4.1.9.tgz** (Vulnerable Library)
Found in HEAD commit: 5fe809a2e7cf19f24da932e71d58c622ec363c70
Version of clean-css prior to 4.1.11 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service.
Publish Date: 2019-02-21
URL: WS-2019-0017
Base Score Metrics not available
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/785
Release Date: 2019-02-21
Fix Resolution: v4.1.11
Step up your Open Source Security Game with WhiteSource here