All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation() function, due to the usage of insecure regex.
The product uses a regular expression with a worst-case computational complexity that is inefficient and possibly exponential.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Scss-tokenizer | Scss-tokenizer_project | * | * |
| Node-node-sass | Ubuntu | focal | * |
| Node-node-sass | Ubuntu | impish | * |
| Node-node-sass | Ubuntu | kinetic | * |
| Node-node-sass | Ubuntu | lunar | * |
| Node-node-sass | Ubuntu | mantic | * |
| Node-node-sass | Ubuntu | oracular | * |
| Node-node-sass | Ubuntu | plucky | * |