GMS-2019-15: Regular Expression Denial of Service in clean-css

June 5, 2019 (updated March 9, 2022)

clean-css is vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service.

References

github.com/advisories/GHSA-wxhq-pm8v-cw75
github.com/jakubpawlowicz/clean-css/commit/2929bafbf8cdf7dccb24e0949c70833764fa87e3
www.npmjs.com/advisories/785

Code Behaviors & Features

Detect and mitigate GMS-2019-15 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →