Home > Vulnerability Database > WS-2019-0017

Mend.io Vulnerability Database

WS-2019-0017

Good to know:

Date: March 6, 2018

Version of clean-css prior to 4.1.11 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service.

Language: Java

Severity Score

5.3

Related Resources (2)

Url: https://www.npmjs.com/advisories/785

Url: https://www.mend.io/vulnerability-database/WS-2019-0017

Severity Score

5.3

Weakness Type (CWE)

Incorrect Regular Expression

CWE-185

Top Fix

Upgrade Version

Upgrade to version clean-css - 4.1.11

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

WS-2019-0017

Good to know:

Date: March 6, 2018

Language: Java

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?