Css What Project

css-what_project

2 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Css What

css-what

2 CVEs

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-21222 1Css What Project 1Css What May 20, 2025 Sep 30, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expression in the re_attr variable of index.js. The exploitation of this vulnerability...Show more The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expression in the re_attr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function.Show less
CVE-2021-33587 2Css What Project Netapp 2Css What E Series Performance Analyzer Nov 21, 2024 May 28, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input.

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2022-21222

1Css What Project

1Css What

May 20, 2025

Sep 30, 2022

N/A· v4

7.5 HIGH· v3

N/A· v2

The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expression in the re_attr variable of index.js. The exploitation of this vulnerability...Show more

CVE-2021-33587

2Css What Project

Netapp

2Css What

E Series Performance Analyzer

Nov 21, 2024

May 28, 2021

N/A· v4

7.5 HIGH· v3

5.0 MEDIUM· v2

The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input.