CVE-2022-31103

Published: Jun 27, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule `@keyframes`. This package is depended on by [react-letter](https://github.com/mat-sz/react-letter), therefore everyone using react-letter is also at risk. The problem has been patched in version 1.0.2.

Affected (1)

Products: Lettersanitizer Project: Lettersanitizer

Lettersanitizer Project

1 product

Lettersanitizer

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Lettersanitizer Project Lettersanitizer	Before 1.0.2

Related CWEs

Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

References (6)

https://github.com/mat-sz/lettersanitizer/commit/96d3dfe2ef0465d47324ed4d13e91ba0816a173f

Source: security-advisories@github.com

PatchThird Party Advisory

https://github.com/mat-sz/lettersanitizer/security/advisories/GHSA-7r3r-gq8p-v9jj

Source: security-advisories@github.com

Third Party Advisory

https://github.com/mat-sz/react-letter/issues/17

Source: security-advisories@github.com

Issue TrackingThird Party Advisory

https://github.com/mat-sz/lettersanitizer/commit/96d3dfe2ef0465d47324ed4d13e91ba0816a173f

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/mat-sz/lettersanitizer/security/advisories/GHSA-7r3r-gq8p-v9jj

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/mat-sz/react-letter/issues/17

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

Timeline

No history available yet.