Vulnerabilities > CVE-2022-25758 - Unspecified vulnerability in Scss-Tokenizer Project Scss-Tokenizer

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

scss-tokenizer-project

NVD

Published: 2022-07-01

Updated: 2023-08-08

Summary

All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation() function, due to the usage of insecure regex.

Vulnerable Configurations

Part	Description	Count
Application	Scss-Tokenizer_Project Scss Tokenizer Project Scss Tokenizer *	1

References

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2936782
https://snyk.io/vuln/SNYK-JS-SCSSTOKENIZER-2339884
https://github.com/sasstools/scss-tokenizer/issues/45