CVE-2022-37620: kangax html-minifier ReDoS vulnerability
A Regular Expression Denial of Service (ReDoS) flaw was found in kangax html-minifier 4.0.0 via the candidate variable in htmlminifier.js.
References
- github.com/advisories/GHSA-pfq8-rq6v-vf5m
- github.com/kangax/html-minifier
- github.com/kangax/html-minifier/blob/51ce10f4daedb1de483ffbcccecc41be1c873da2/src/htmlminifier.js
- github.com/kangax/html-minifier/issues/1135
- nvd.nist.gov/vuln/detail/CVE-2022-37620