CVE-2022-37620

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2022-37620
A Regular Expression Denial of Service (ReDoS) flaw was found in kangax html-minifier 4.0.0 via the candidate variable in htmlminifier.js.

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/kangax/html-minifier/issues/1135 Issue Tracking Third Party Advisory
https://github.com/kangax/html-minifier/blob/51ce10f4daedb1de483ffbcccecc41be1c873da2/src/htmlminifier.js#L294 Exploit Third Party Advisory
https://github.com/kangax/html-minifier/blob/51ce10f4daedb1de483ffbcccecc41be1c873da2/src/htmlminifier.js#L1338 Exploit Third Party Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

cpe:2.3:a:html-minifier_project:html-minifier:4.0.0:*:*:*:*:*:*:*
Information

Published : 2022-10-31 05:15

Updated : 2022-11-01 10:59

NVD link : CVE-2022-37620

Mitre link : CVE-2022-37620

JSON object : View

CWE
CWE-400

Uncontrolled Resource Consumption

Advertisement

dedicated server usa
Products Affected

html-minifier_project

  • html-minifier