Vulnerabilities > CVE-2021-33587
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 | |
Application | 1 |
References
- https://github.com/fb55/css-what/releases/tag/v5.0.1
- https://github.com/fb55/css-what/releases/tag/v5.0.1
- https://lists.debian.org/debian-lts-announce/2023/03/msg00001.html
- https://lists.debian.org/debian-lts-announce/2023/03/msg00001.html
- https://security.netapp.com/advisory/ntap-20210706-0007/
- https://security.netapp.com/advisory/ntap-20210706-0007/