Linear Time Complexity Vulnerability in css-what Package 4.0.0 - 5.0.0 for Node.js

Linear Time Complexity Vulnerability in css-what Package 4.0.0 - 5.0.0 for Node.js

CVE-2021-33587 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input.

Learn more about our Web Application Penetration Testing UK.