High severity vulnerability in nth-check - Regular Expression Denial of Service (ReDoS)

**Introduced through**
@iconscout/unicons@4.0.8
**Fixed in**
nth-check@2.0.1

https://security.snyk.io/vuln/SNYK-JS-NTHCHECK-1586032

**Detailed paths**
Introduced through: sastrify-webapp@2.4.0 › @iconscout/unicons@4.0.8 › svgo@1.1.1 › css-select@2.1.0 › nth-check@1.0.2
Fix: No remediation path available.

**Security information**
Factors contributing to the scoring:
**Snyk**: [CVSS 7.5](https://security.snyk.io/vuln/SNYK-JS-NTHCHECK-1586032) - High Severity

**NVD**: [CVSS 7.5](https://nvd.nist.gov/vuln/detail/CVE-2021-3803) - High Severity

**Overview**
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) when parsing crafted invalid CSS nth-checks, due to the sub-pattern \s*(?:([+-]?)\s*(\d+))? in RE_NTH_ELEMENT with quantified overlapping adjacency.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

High severity vulnerability in nth-check - Regular Expression Denial of Service (ReDoS) #204

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

High severity vulnerability in nth-check - Regular Expression Denial of Service (ReDoS) #204

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions