VDB
CVE-2022-21222
CVE-2022-21222
PUBLISHED
CVSS 5.300000190734863 MEDIUM
css-what vulnerable to ReDoS due to use of insecure regular expression
EPSS 0.27% · 50.9th percentile
Risk Scores
CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
EPSS Score
0.27%
50.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| css-what_project | css-what | 0 |
| npm | css-what | 0 |
| n/a | css-what | unspecified |
Exploit Intelligence
Timeline
- Sep 30, 2022 EPSS Score
- Sep 30, 2022 CVE Published
- Nov 13, 2022 EPSS Score
- Dec 28, 2022 EPSS Score
- Feb 10, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 10, 2023 EPSS Score
- Jun 23, 2023 EPSS Score
- Aug 7, 2023 EPSS Score
- Sep 20, 2023 EPSS Score
- Nov 4, 2023 EPSS Score
- Dec 18, 2023 EPSS Score
References
- https://security.snyk.io/vuln/SNYK-JS-CSSWHAT-3035488 url
- https://github.com/fb55/css-what/blob/a38effd5a8f5506d75c7f8f13cbd8c76248a3860/index.js%23L12 url
- [debian-lts-announce] 20230303 [SECURITY] [DLA 3350-1] node-css-what security update mailing-list
- https://nvd.nist.gov/vuln/detail/CVE-2022-21222 advisory
- https://github.com/fb55/css-what/commit/dc510929790da6617e7aa93a616498b22f6a6b72 url
- https://github.com/fb55/css-what package
- https://github.com/fb55/css-what/blob/a38effd5a8f5506d75c7f8f13cbd8c76248a3860/index.js#23L12 url