Moole Vulnerability Database

Find real vulnerabilities before they ship

High

CVE-2021-33587

The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input.

VectorNETWORK

PublishedMay 28, 2021, 20:15

Published Bycve@mitre.org

Base Score

Score7.5

Affected Versions

Package (Ecosystem)IntroducedFixedLimit

css-what(npm)4.0.05.0.1N/A

References

https://github.com/fb55/css-what/releases/tag/v5.0.1
https://lists.debian.org/debian-lts-announce/2023/03/msg00001.html
https://security.netapp.com/advisory/ntap-20210706-0007/

Weakness Type

NVD-CWE-noinfo

CVSS Metrics

Base Score

7.5

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base SeverityHigh

Version

3.1

Attack Vector (AV)

NETWORK