CVE-2021-23368

Source
https://cve.org/CVERecord?id=CVE-2021-23368
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-23368.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-23368
Aliases
Downstream
Related
  • SNYK-JAVA-ORGWEBJARSNPM-1244795
  • SNYK-JS-POSTCSS-1090595
Published
2021-04-12T14:15:14.257Z
Modified
2026-04-02T06:47:24.734507Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
[none]
Details

The package postcss from 7.0.0 and before 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.

References

Affected packages

Git / github.com/postcss/postcss

Affected ranges

Type
GIT
Repo
https://github.com/postcss/postcss
Events
Database specific
{
    "versions": [
        {
            "introduced": "7.0.0"
        },
        {
            "fixed": "7.0.36"
        },
        {
            "introduced": "8.0.0"
        },
        {
            "fixed": "8.2.10"
        }
    ]
}

Affected versions

7.*
7.0.0
7.0.1
7.0.10
7.0.11
7.0.12
7.0.13
7.0.14
7.0.15
7.0.16
7.0.17
7.0.18
7.0.19
7.0.2
7.0.20
7.0.21
7.0.22
7.0.23
7.0.24
7.0.25
7.0.26
7.0.27
7.0.28
7.0.29
7.0.3
7.0.30
7.0.31
7.0.32
7.0.33
7.0.34
7.0.35
7.0.4
7.0.5
7.0.6
7.0.7
7.0.8
7.0.9
8.*
8.0.0
8.0.1
8.0.2
8.0.3
8.0.4
8.0.5
8.0.6
8.0.7
8.0.8
8.0.9
8.1.0
8.1.1
8.1.10
8.1.11
8.1.12
8.1.13
8.1.14
8.1.2
8.1.3
8.1.4
8.1.5
8.1.6
8.1.7
8.1.8
8.1.9
8.2.0
8.2.1
8.2.2
8.2.3
8.2.4
8.2.5
8.2.6
8.2.7
8.2.8
8.2.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-23368.json"