Security Advisories

CGA-mvv3-xjv4-w9gc

Published

Last updated

https://images.chainguard.dev/security/CGA-mvv3-xjv4-w9gc
Package

jitsucom-jitsu

Repository

Wolfi

Latest Update
Fixed
Fixed Version

2.8.4-r0

Aliases
  • CVE-2022-37620
  • GHSA-pfq8-rq6v-vf5m

Severity

7.5

High

CVSS CVSS_V3

References

  • https://nvd.nist.gov/vuln/detail/CVE-2022-37620

Updates

Status

Fixed

Fixed version

2.8.4-r0

Status

Pending upstream fix

Impact

A Regular Expression Denial of Service (ReDoS) flaw was found in kangax html-minifier 4.0.0 via the `candidate` variable in htmlminifier.js. The ReDoS vulnerability can be mitigated with several best practices described at https://snyk.io/blog/redos-and-catastrophic-backtracking/. The upstream issue is still open and has not been fixed yet: https://github.com/kangax/html-minifier/issues/1135

Status

Under investigation

