Description
Version of clean-css prior to 4.1.11 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service.
Recommendation
Update the clean-css package to the latest compatible version. Followings are version details:
- Affected version(s): < 4.1.11
- Patched version(s): 4.1.11
References
Related Issues
- Regular Expression Denial of Service in markdown - Vulnerability
- tarteaucitron.js has Regular Expression Denial of Service (ReDoS) vulnerability - CVE-2026-22809
- prismjs Regular Expression Denial of Service vulnerability - CVE-2021-3801
- useragent Regular Expression Denial of Service vulnerability - CVE-2020-26311
You might also like:
- Tags:
- npm
- clean-css
Anything's wrong? Let us know Last updated on April 11, 2023