CVE-2022-25758

Published July 1st, 2022

View on NVD ↗

CVSS v3

5.3

MEDIUM

CVSS v2

MEDIUM

Affected

PROJECT

Description

All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation() function, due to the usage of insecure regex.

sasstools/scss-tokenizer

A tokenzier for Sass' SCSS syntax

GitHub