sasstools/scss-tokenizer

Releases13

Frequency7 months 6 days

Last Release almost 4 years ago

Stars25

A tokenzier for Sass' SCSS syntax

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-25758 ↗	Jul 1, 2022Friday, 1 July 2022, 20:15	5.3 MEDIUM	5 MEDIUM
All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation() function, due to the usage of insecure regex.