CVE-2022-25758 Information

Jul 02, 2022 cve

Description

All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation() function due to the usage of insecure regex.

Reference

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2936782 https://snyk.io/vuln/SNYK-JS-SCSSTOKENIZER-2339884 https://github.com/sasstools/scss-tokenizer/issues/45

Share on: