GHSA-hwj9-h5mp-3pm3

Source

https://github.com/advisories/GHSA-hwj9-h5mp-3pm3

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-hwj9-h5mp-3pm3/GHSA-hwj9-h5mp-3pm3.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-hwj9-h5mp-3pm3

Aliases

CVE-2021-23368

Published

2021-05-10T15:29:24Z

Modified

2025-01-14T08:57:30.487716Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

Regular Expression Denial of Service in postcss

Details

The npm package postcss from 7.0.0 and before versions 7.0.36 and 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.

Database specific

{
    "cwe_ids": [
        "CWE-400"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "nvd_published_at": "2021-04-12T14:15:00Z",
    "github_reviewed_at": "2021-05-07T17:26:38Z"
}

References

Affected packages

npm / postcss

Package

Name: postcss; View open source insights on deps.dev
Purl: pkg:npm/postcss

Affected ranges

Type: SEMVER
Events: Introduced

7.0.0

Fixed

7.0.36

npm / postcss

Package

Name: postcss; View open source insights on deps.dev
Purl: pkg:npm/postcss

Affected ranges

Type: SEMVER
Events: Introduced

8.0.0

Fixed

8.2.10