CVE-2022-37620 - Vulnerability Details

A Regular Expression Denial of Service (ReDoS) flaw was found in kangax html-minifier 4.0.0 via the candidate variable in htmlminifier.js.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Kangax	Html-minifier
Terser	Html-minifier-terser

Configuration 1 [-]

cpe:2.3:a:terser:html-minifier-terser:*:*:*:*:*:node.js:*:*

Configuration 2 [-]

cpe:2.3:a:kangax:html-minifier:*:*:*:*:*:node.js:*:*

No data.

References

Link	Providers
https://github.com/kangax/html-minifier/blob/51ce10f4daedb1de483ffbcccecc41be1c873da2/src/htmlminifier.js#L1338
https://github.com/kangax/html-minifier/blob/51ce10f4daedb1de483ffbcccecc41be1c873da2/src/htmlminifier.js#L294
https://github.com/kangax/html-minifier/issues/1135

History

Fri, 02 May 2025 18:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Kangax Kangax html-minifier Terser Terser html-minifier-terser
CPEs	cpe:2.3:a:html-minifier_project:html-minifier:4.0.0:::::::*	cpe:2.3:a:kangax:html-minifier::::::node.js::* cpe:2.3:a:terser:html-minifier-terser::::::node.js::*
Vendors & Products	Html-minifier Project Html-minifier Project html-minifier	Kangax Kangax html-minifier Terser Terser html-minifier-terser

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-31T00:00:00

Updated: 2024-08-03T10:29:21.041Z

Reserved: 2022-08-08T00:00:00

Link: CVE-2022-37620

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-10-31T12:15:10.137

Modified: 2025-05-02T17:34:45.170

Link: CVE-2022-37620

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object