Lookup for vulnerable packages by Package URL.

Purl pkg:npm/clean-css@2.2.19
Type npm
Namespace
Name clean-css
Version 2.2.19
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 4.1.11
Latest_non_vulnerable_version 4.1.11
Affected_by_vulnerabilities
0
url VCID-zb9q-mw8d-37dj
vulnerability_id VCID-zb9q-mw8d-37dj
summary
Regular Expression Denial of Service in clean-css
Versions of `clean-css` prior to 4.1.11 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive, leading to Denial of Service.


## Recommendation

Upgrade to version 4.1.11 or higher.
references
0
reference_url https://github.com/jakubpawlowicz/clean-css/commit/2929bafbf8cdf7dccb24e0949c70833764fa87e3
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/jakubpawlowicz/clean-css/commit/2929bafbf8cdf7dccb24e0949c70833764fa87e3
1
reference_url https://www.npmjs.com/advisories/785
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/785
2
reference_url https://github.com/advisories/GHSA-wxhq-pm8v-cw75
reference_id GHSA-wxhq-pm8v-cw75
reference_type
scores
url https://github.com/advisories/GHSA-wxhq-pm8v-cw75
fixed_packages
0
url pkg:npm/clean-css@4.1.11
purl pkg:npm/clean-css@4.1.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/clean-css@4.1.11
aliases GHSA-wxhq-pm8v-cw75, GMS-2019-15, GMS-2019-71, GMS-2019-72, GMS-2019-74, GMS-2019-75, GMS-2019-76, GMS-2019-77, GMS-2019-78
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zb9q-mw8d-37dj
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/clean-css@2.2.19