Description
All versions of lettersanitizer below 1.0.2 are affected by a denial-of-service issue when processing a CSS @keyframes at-rule.
react-letter depends on this package, so everyone using react-letter is also at risk.
Recommendation
Update the lettersanitizer package to the latest compatible version. Version details:
- Affected version(s): < 1.0.2
- Patched version(s): 1.0.2
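One way to check whether a project still resolves an affected release, including a copy pulled in through react-letter. This is an added example, not part of the original advisory or of the lettersanitizer project; the sample lockfiles and the react-letter version in them are constructed.

```javascript
// Added example: flag lettersanitizer < 1.0.2 in a parsed package-lock.json.
const PKG = "lettersanitizer";
const PATCHED = [1, 0, 2]; // patched version named in this advisory

// True when `version` sorts below 1.0.2 (a pre-release of 1.0.2 counts as below).
function isAffected(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-.+)?/.exec(String(version));
  if (!m) return true; // missing or unparseable version: flag for manual review
  const v = m.slice(1, 4).map(Number);
  for (let i = 0; i < 3; i++) {
    if (v[i] !== PATCHED[i]) return v[i] < PATCHED[i];
  }
  return Boolean(m[4]);
}

function findAffected(lock) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path.
    for (const [path, info] of Object.entries(lock.packages)) {
      if (path.split("node_modules/").pop() === PKG && isAffected(info.version)) {
        hits.push({ path, version: info.version });
      }
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, trail) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const here = trail.concat(name);
      if (name === PKG && isAffected(info.version)) {
        hits.push({ path: here.join(" > "), version: info.version });
      }
      walk(info.dependencies, here);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfiles (not taken from a real project).
const sampleV3 = { lockfileVersion: 3, packages: {
  "": { name: "demo" },
  "node_modules/react-letter": { version: "0.2.0" },
  "node_modules/react-letter/node_modules/lettersanitizer": { version: "1.0.1" },
  "node_modules/lettersanitizer": { version: "1.0.2" } } };
const sampleV1 = { lockfileVersion: 1, dependencies: {
  "react-letter": { version: "0.2.0", dependencies: { lettersanitizer: { version: "0.9.9" } } } } };
console.log(findAffected(sampleV3), findAffected(sampleV1));
```

To scan a real project, pass the parsed contents of its package-lock.json to findAffected; an empty result means no resolved copy is below 1.0.2.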
References
Related Issues
- Improper handling of multiline messages in node-irc affects matrix-appservice-irc - CVE-2022-29166
- materialize-css vulnerable to cross-site Scripting (XSS) due to improper escape of user input - CVE-2022-25349
- Improper Removal of Sensitive Information Before Storage or Transfer in Strapi - CVE-2022-30618
- Improper beacon events in matrix-js-sdk can result in availability issues - CVE-2022-39236
Tags: npm, lettersanitizer
Last updated on January 27, 2023