CVE-2022-31103

lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule `@keyframes`. This package is depended on by [react-letter](https://github.com/mat-sz/react-letter), therefore everyone using react-letter is also at risk. The problem has been patched in version 1.0.2.

lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule `@keyframes`. This package is depended on by [react-letter](https://github.com/mat-sz/react-letter), therefore everyone using react-letter is also at risk. The problem has been patched in version 1.0.2.

### Impact All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule `@keyframes`. This package is depended on by [react-letter](https://github.com/mat-sz/react-letter), therefore everyone using react-letter is also at risk. ### Patches The problem has been patched in version 1.0.2. ### Workarounds There is no workaround besides upgrading. ### References The issue was originally reported in the react-letter repository: https://github.com/mat-sz/react-letter/issues/17 ### For more information If you have any questions or comments about this advisory: * Open an issue in [lettersanitizer](https://github.com/mat-sz/lettersanitizer/issues) * Email me at [contact@matsz.dev](mailto:contact@matsz.dev)

### Impact All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule `@keyframes`. This package is depended on by [react-letter](https://github.com/mat-sz/react-letter), therefore everyone using react-letter is also at risk. ### Patches The problem has been patched in version 1.0.2. ### Workarounds There is no workaround besides upgrading. ### References The issue was originally reported in the react-letter repository: https://github.com/mat-sz/react-letter/issues/17 ### For more information If you have any questions or comments about this advisory: * Open an issue in [lettersanitizer](https://github.com/mat-sz/lettersanitizer/issues) * Email me at [contact@matsz.dev](mailto:contact@matsz.dev)

lettersanitizer es un saneador de correo electrónico HTML basado en el DOM para la representación del correo electrónico en el navegador. Todas las versiones de lettersanitizer anteriores a 1.0.2, están afectadas por un problema de denegación de servicio cuando es procesada una regla CSS "@keyframes". Este paquete depende de [react-letter](https://github.com/mat-sz/react-letter), por lo que todos usando react-letter también están en riesgo. El problema ha sido parcheado en versión 1.0.2