The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal.
Metrics
Affected Vendors & Products
References
History
Sun, 08 Sep 2024 18:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat
Redhat acm |
|
CPEs | cpe:/a:redhat:acm:2.6::el8 | |
Vendors & Products |
Redhat
Redhat acm |
Mon, 19 Aug 2024 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | ||
Vendors & Products |
Redhat
Redhat acm |
MITRE
Status: PUBLISHED
Assigner: snyk
Published: 2022-08-30T05:00:20.149607Z
Updated: 2024-09-17T03:07:00.082Z
Reserved: 2022-02-24T00:00:00
Link: CVE-2022-25887
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-08-30T05:15:07.727
Modified: 2024-11-21T06:53:09.953
Link: CVE-2022-25887
Redhat