Advisories for Npm/Lettersanitizer package

2022

Improper Check for Unusual or Exceptional Conditions

lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule @keyframes. This package is depended on by react-letter, therefore everyone using react-letter is also at risk. The problem has been patched in version 1.0.2.

Duplicate of ./npm/lettersanitizer/CVE-2022-31103.yml

Impact All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule @keyframes. This package is depended on by react-letter, therefore everyone using react-letter is also at risk. Patches The problem has been patched in version 1.0.2. Workarounds There is no workaround besides upgrading. References The issue was originally reported in the react-letter repository: https://github.com/mat-sz/react-letter/issues/17 For more information If you have any …