CVE-2021-33587
Summary
| CVE | CVE-2021-33587 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-05-28 20:15:00 UTC |
| Updated | 2023-03-03 13:15:00 UTC |
| Description | The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Css-what Project | Css-what | All | All | All | All |
| Application | Css-what Project | Css-what | 4.0.0 | All | All | All |
| Application | Css-what Project | Css-what | 5.0.0 | All | All | All |
| Application | Css-what Project | Css-what | All | All | All | All |
| Application | Netapp | E-series Performance Analyzer | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Release v5.0.1 · fb55/css-what · GitHub | MISC | github.com | |
| CVE-2021-33587 Node.js Vulnerability in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | |
| [SECURITY] [DLA 3350-1] node-css-what security update | MLIST | lists.debian.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 181619 Debian Security Update for node-css-what (DLA 3350-1)
- 184832 Debian Security Update for node-css-what (CVE-2021-33587)
- 199479 Ubuntu Security Notification for css-what Vulnerabilities (USN-6065-1)
- 378599 Splunk Enterprise Third Party Package Updates for June (SVD-2023-0613)
- 982332 Nodejs (npm) Security Update for css-what (GHSA-q8pj-2vqx-8ggc)