CVE-2023-24038

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-24038

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-24038.json

Related

DLA-3296-1
DSA-5339-1
USN-6100-1

Published

2023-01-21T01:15:15Z

Modified

2023-11-29T10:02:15.387430Z

Details

The HTML-StripScripts module through 1.06 for Perl allows hssattval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes.

References

https://www.debian.org/security/2023/dsa-5339
https://lists.debian.org/debian-lts-announce/2023/01/msg00036.html
https://github.com/clintongormley/perl-html-stripscripts/issues/3
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYD5PFRUUB4VVY52I5KA3RQ7SQOD7YM/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ASDRHN2MLGL2HGBUNDZG4YLUWW6NSUKD/

Affected packages

Git / github.com/clintongormley/perl-html-stripscripts

Affected ranges

Type: GIT
Repo: https://github.com/clintongormley/perl-html-stripscripts
Events: Introduced

0The exact introduced commit is unknown

Last affected

047821d1d19ef7dae460dc1ca4f4b59a5c389616

Affected versions

version_1.*

version_1.06