Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Regular Expression Denial of Service (ReDoS)
Vulnerability Description
All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation() function, due to the usage of insecure regex.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
N/A
Vulnerability Title
scss-tokenizer 安全漏洞
Vulnerability Description
scss-tokenizer是Sass Tools开源的一个 Sass 的 SCSS 语法的分词器。 scss-tokenizer 存在安全漏洞,该漏洞源于使用了不安全的正则表达式,所有版本的包 scss-tokenizer 都容易通过 loadAnnotation() 函数受到正则表达式拒绝服务 (ReDoS) 的攻击。
CVSS Information
N/A
Vulnerability Type
N/A