CVE-2022-37620

A Regular Expression Denial of Service (ReDoS) flaw was found in kangax html-minifier 4.0.0 via the candidate variable in htmlminifier.js.
Configurations

Configuration 1 (hide)

cpe:2.3:a:html-minifier_project:html-minifier:4.0.0:*:*:*:*:*:*:*

History

04 Nov 2024, 16:52

Type Values Removed Values Added
References () https://github.com/kangax/html-minifier/blob/51ce10f4daedb1de483ffbcccecc41be1c873da2/src/htmlminifier.js#L1338 - Exploit, Third Party Advisory () https://github.com/kangax/html-minifier/blob/51ce10f4daedb1de483ffbcccecc41be1c873da2/src/htmlminifier.js#L1338 - Product
References () https://github.com/kangax/html-minifier/blob/51ce10f4daedb1de483ffbcccecc41be1c873da2/src/htmlminifier.js#L294 - Exploit, Third Party Advisory () https://github.com/kangax/html-minifier/blob/51ce10f4daedb1de483ffbcccecc41be1c873da2/src/htmlminifier.js#L294 - Product

08 Aug 2023, 14:22

Type Values Removed Values Added
CWE CWE-400 CWE-1333

Information

Published : 2022-10-31 12:15

Updated : 2024-11-04 16:52


NVD link : CVE-2022-37620

Mitre link : CVE-2022-37620

CVE.ORG link : CVE-2022-37620


JSON object : View

Products Affected

html-minifier_project

  • html-minifier
CWE
CWE-1333

Inefficient Regular Expression Complexity