CVE-2022-25758

Summary

All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation() function, due to the usage of insecure regex.

Affected Software

VendorProductVersion RangeStatus
n/ascss-tokenizer0 < unspecifiedaffected

Weaknesses

  • Regular Expression Denial of Service (ReDoS)

ADP Enrichment

CVE Program Container

Additional References

References