GHSA-prr3-c3m5-p7q2
Suggest an improvement- Source
- https://github.com/advisories/GHSA-prr3-c3m5-p7q2
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-prr3-c3m5-p7q2/GHSA-prr3-c3m5-p7q2.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-prr3-c3m5-p7q2
- Aliases
-
- CVE-2023-48631
- Published
- 2023-11-30T19:51:29Z
- Modified
- 2023-12-14T22:02:39Z
- Severity
-
- 5.0 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L CVSS Calculator
- Summary
- @adobe/css-tools Improper Input Validation and Inefficient Regular Expression Complexity
- Details
-
Impact
@adobe/css-tools version 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS.
Patches
The issue has been resolved in 4.3.2.
Workarounds
None
References
N/A
- Database specific
{ "nvd_published_at": "2023-12-14T13:15:54Z", "cwe_ids": [ "CWE-1333", "CWE-20" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-11-30T19:51:29Z" }- References
-
- https://github.com/adobe/css-tools/security/advisories/GHSA-prr3-c3m5-p7q2
- https://nvd.nist.gov/vuln/detail/CVE-2023-48631
- https://github.com/adobe/css-tools/issues/211
- https://github.com/adobe/css-tools/pull/249
- https://github.com/adobe/css-tools/commit/472bef91bde9caab305f3f36231ad0c253581b43
- https://github.com/adobe/css-tools
Affected packages
npm / @adobe/css-tools
Package
- Name
- @adobe/css-tools
- View open source insights on deps.dev
- Purl
- pkg:npm/%40adobe/css-tools