inline-style-parser is vulnerable to Regular Expression Denial of Service (ReDoS)
60
Medium Risk
inline-style-parser strips CSS comments from declaration properties and values with a regular expression built from nested quantifiers and ambiguous alternation. When the parser processes an inline style string containing a crafted comment sequence, the regex engine enters catastrophic backtracking and blocks the single-threaded event loop. An application that parses untrusted CSS or inline style strings can be forced into a denial-of-service state by a short malicious input. The fix rewrites the comment-stripping regular expression into an unambiguous, linear-time pattern.
You are affected if you are using a version that falls within the vulnerable range and your application parses untrusted CSS or inline style strings.
inline-style-parser is vulnerable to Regular Expression Denial of Service (ReDoS) in versions 0.1.0 - 0.2.8.
Upgrade the inline-style-parser library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant