GHSA-hpx4-r86g-5jrg

Suggest an improvement
Source
https://github.com/advisories/GHSA-hpx4-r86g-5jrg
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/08/GHSA-hpx4-r86g-5jrg/GHSA-hpx4-r86g-5jrg.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-hpx4-r86g-5jrg
Aliases
  • CVE-2023-26364
Published
2023-08-29T23:33:26Z
Modified
2026-05-04T09:00:06.508008953Z
Severity
  • 5.0 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L CVSS Calculator
Summary
@adobe/css-tools Regular Expression Denial of Service (ReDOS) while Parsing CSS
Details

Impact

@adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS.

Patches

The issue has been resolved in 4.3.1.

Workarounds

None

References

N/A

Database specific 
{
    "github_reviewed_at": "2023-08-29T23:33:26Z",
    "severity": "MODERATE",
    "cwe_ids": [
        "CWE-1333",
        "CWE-20"
    ],
    "github_reviewed": true,
    "nvd_published_at": "2023-11-17T14:15:21Z"
}
References

Affected packages

npm / @adobe/css-tools

Package

Name
@adobe/css-tools
View open source insights on deps.dev
Purl
pkg:npm/%40adobe/css-tools

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3.1

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/08/GHSA-hpx4-r86g-5jrg/GHSA-hpx4-r86g-5jrg.json"