CVE-2021-23368: Uncontrolled Resource Consumption in Postcss

Severity: 5.3 MEDIUM (NVD)
EPSS: 0.3% (top 45.38%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Apr 12
Latest update: May 10

Description

The package postcss from 7.0.0 and before 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Exploitability: 3.9 | Impact: 1.4

Affected Packages (4 packages)

Source     | Package               | From  | To
CVEListV5  | postcss/postcss       | 7.0.0 | unspecified (+1)
NVD        | postcss/postcss       | 7.0.0 | 7.0.36 (+1)
npm        | postcss/postcss       | 7.0.0 | 7.0.36 (+1)
debian     | debian/node-postcss   |       | < node-postcss 8.2.1+~cs5.3.23-6 (bookworm)

Patches

Vulnerability Details (3)

GHSA: Regular Expression Denial of Service in postcss (2021-05-10)
OSV: Regular Expression Denial of Service in postcss (2021-05-10)
OSV: CVE-2021-23368: The package postcss from 7 (2021-04-12)

Vendor Advisories (2)

Red Hat: nodejs-postcss: Regular expression denial of service during source map parsing (2021-04-12)
Debian: CVE-2021-23368: node-postcss - The package postcss from 7.0.0 and before 8.2.10 are vulnerable to Regular Expre... (2021)