First published: Fri Jul 01 2022(Updated: )
All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation() function, due to the usage of insecure regex.
Credit: report@snyk.io report@snyk.io report@snyk.io
Affected Software | Affected Version | How to fix |
---|---|---|
Scss-tokenizer Project Scss-tokenizer | ||
npm/scss-tokenizer | <=0.4.2 | 0.4.3 |
<=2.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.