Description
The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input.
Remediation
References
https://github.com/fb55/css-what/releases/tag/v5.0.1
https://security.netapp.com/advisory/ntap-20210706-0007/
https://lists.debian.org/debian-lts-announce/2023/03/msg00001.html
Related Vulnerabilities
CVE-2019-20921 Vulnerability in maven package org.webjars.npm:bootstrap-select
CVE-2017-10355 Vulnerability in maven package xerces:xercesimpl
CVE-2021-43306 Vulnerability in maven package org.webjars:jquery-validation
CVE-2023-29518 Vulnerability in maven package org.xwiki.platform:xwiki-platform-invitation-ui
CVE-2018-1000068 Vulnerability in maven package org.jenkins-ci.main:jenkins-core