
744 matches found

OSV
added 2022/06/20 8:13 p.m. | 9 views

MAL-2022-5424 Malicious code in postcss-lazy-rules (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3af0b17a0cca4f52c02b138fec9e69ba2c506346ef1a6b57cbf893a03b7b5c46 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 | References 1

vulnersOsv
added 2022/01/07 12:21 a.m. | 3 views

@100mslive/hms-video-react (>=0.3.27 <=0.3.125), @aagames-fe/google-translate (>=0.0.2 <=0.0.14) +394 more potentially affected by CVE-2021-23382 via postcss (>=8.0.0 <=8.2.12)

postcss NPM version =8.0.0, =0.3.27, =0.0.2, =1.1.0, =0.1101.0-next.0, =0.30.7-danger.689b7beb.20, =0.33.2-danger.94e2a1914.37, =0.25.0, =0.2.19, =2.0.174, =2.0.174, =2.0.174, =2.6.25 and more Source cves: CVE-2021-23382 Source advisory: OSV:GHSA-566M-QJ78-RWW5...

CVSS 7.5 | AI score 6.7 | EPSS 0.02508
Exploits 1

OSV
added 2022/01/07 12:21 a.m. | 2 views

GHSA-566M-QJ78-RWW5 Regular Expression Denial of Service in postcss

The package postcss versions before 7.0.36 or between 8.0.0 and 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL and loadAnnotation in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern regex /\s sourceMappingURL=. PoC js var...

CVSS 5.3 | AI score 7.1 | EPSS 0.02508
Exploits 1 | References 5

vulnersOsv
added 2022/01/07 12:21 a.m. | 1 view

-tompan-reacttemplate (>=1.0.1 <=1.1.0), 02-infrastructure (=1.0.0) +37569 more potentially affected by CVE-2021-23382 via postcss (>=0.1.0 <=7.0.35)

postcss NPM version =0.1.0, =1.0.1, =1.0.0, =1.0.4, =1.0.0, =5.0.0, =1.0.3, =1.0.7 and more Source cves: CVE-2021-23382 Source advisory: OSV:GHSA-566M-QJ78-RWW5...

CVSS 7.5 | AI score 6.6 | EPSS 0.02508
Exploits 1

GitHub Security Blog
added 2022/01/07 12:21 a.m. | 123 views

Regular Expression Denial of Service in postcss

The package postcss versions before 7.0.36 or between 8.0.0 and 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL and loadAnnotation in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern regex /\s sourceMappingURL=. PoC js var...

CVSS 7.5 | AI score 6.7 | EPSS 0.02508
Exploits 1 | References 6 | Affected Software 1

BDU FSTEC
added 2021/06/09 12:0 a.m. | 3 views

The vulnerability of the PostCSS library in Aurora Application Software, related to uncontrolled resource consumption, allows attackers to cause service failures.

The vulnerability of the PostCSS application library in Aurora Software Center, related to uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service failures...

CVSS 5.3 | AI score 6.6 | EPSS 0.0354
Exploits 1 | References 4 | Affected Software 1

Node.js
added 2021/05/10 3:38 p.m. | 98 views

Regular Expression Denial of Service

Overview: postcss from 7.0.0 and before version 7.0.36 and 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing. Recommendation: Upgrade to version 8.2.10 or later. References: CVE, GitHub Advisory...

CVSS 5 | AI score 4.9 | EPSS 0.0354
Exploits 1 | Affected Software 1

vulnersOsv
added 2021/05/10 3:29 p.m. | 2 views

-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0x0.icu.anima (=0.1.0) +9334 more potentially affected by CVE-2021-23368 via postcss (>=7.0.0 <=7.0.35)

postcss NPM version =7.0.0, =1.0.1, =1.0.1, =0.1.0, =0.1.2, =0.1.0, =0.1.0, =0.1.1, =1.0.0, =3.4.2 and more Source cves: CVE-2021-23368 Source advisory: OSV:GHSA-HWJ9-H5MP-3PM3...

CVSS 5.3 | AI score 6.6 | EPSS 0.0354
Exploits 1

vulnersOsv
added 2021/05/10 3:29 p.m. | 5 views

@100mslive/hms-video-react (>=0.3.27 <=0.3.59), @aagames-fe/google-translate (>=0.0.2 <=0.0.14) +371 more potentially affected by CVE-2021-23368 via postcss (>=8.0.0 <=8.2.1)

postcss NPM version =8.0.0, =0.3.27, =0.0.2, =1.1.0, =0.1101.0-next.0, =0.30.7-danger.689b7beb.20, =0.33.2-danger.94e2a1914.37, =0.25.0, =0.2.19, =2.0.174, =2.0.174, =2.0.174, =2.6.25 and more Source cves: CVE-2021-23368 Source advisory: OSV:GHSA-HWJ9-H5MP-3PM3...

CVSS 5.3 | AI score 6.7 | EPSS 0.0354
Exploits 1

OSV
added 2021/05/10 3:29 p.m. | 0 views

GHSA-HWJ9-H5MP-3PM3 Regular Expression Denial of Service in postcss

The npm package postcss from 7.0.0 and before versions 7.0.36 and 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing...

CVSS 5.3 | AI score 7.1 | EPSS 0.0354
Exploits 1 | References 12

GitHub Security Blog
added 2021/05/10 3:29 p.m. | 48 views

Regular Expression Denial of Service in postcss

The npm package postcss from 7.0.0 and before versions 7.0.36 and 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing...

CVSS 5.3 | AI score 4.4 | EPSS 0.0354
Exploits 1 | References 13 | Affected Software 1

RedhatCVE
added 2021/04/27 5:16 p.m. | 22 views

CVE-2021-23382

A regular expression denial of service (ReDoS) vulnerability was found in the npm library postcss when using getAnnotationURL or loadAnnotation options in lib/previous-map.js. An attacker can use this vulnerability to potentially craft a malicious CSS to process resulting in a denial of service...

CVSS 7.5 | AI score 3.8 | EPSS 0.02508
Exploits 1 | References 4

Veracode
added 2021/04/27 4:38 a.m. | 21 views

Regular Expression Denial Of Service (ReDoS)

postcss is vulnerable to regular expression denial of service. The vulnerability exists due to the insecure usage of regex sub-pattern /\\s sourceMappingURL=. via getAnnotationURL and loadAnnotation in lib/previous-map.js...

CVSS 7.5 | AI score 3.7 | EPSS 0.02508
Exploits 1 | References 1 | Affected Software 2

OSV
added 2021/04/26 4:15 p.m. | 74 views

CVE-2021-23382

The package postcss before 8.2.13 is vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL and loadAnnotation in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern /\s sourceMappingURL=...

CVSS 7.5 | AI score 6.6
Exploits 0 | References 3

NVD
added 2021/04/26 4:15 p.m. | 14 views

CVE-2021-23382

The package postcss before 8.2.13 is vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL and loadAnnotation in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern /\s sourceMappingURL=...

CVSS 7.5 | EPSS 0.02508
Exploits 1 | References 3

OSV
added 2021/04/26 4:15 p.m. | 1 view

DEBIAN-CVE-2021-23382

The package postcss before 8.2.13 is vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL and loadAnnotation in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern /\s sourceMappingURL=...

CVSS 7.5 | AI score 6.6 | EPSS 0.02508
Exploits 1 | References 1

UbuntuCve
added 2021/04/26 4:15 p.m. | 28 views

CVE-2021-23382

The package postcss before 8.2.13 is vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL and loadAnnotation in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern /\s sourceMappingURL=...

CVSS 7.5 | AI score 7.1 | EPSS 0.02508
Exploits 1 | References 5

Prion
added 2021/04/26 4:15 p.m. | 15 views

Code injection

The package postcss before 8.2.13 is vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL and loadAnnotation in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern /\s sourceMappingURL=...

CVSS 5 | AI score 8.3 | EPSS 0.02508
Exploits 1 | References 3 | Affected Software 1

OSV
added 2021/04/26 4:15 p.m. | 1 view

UBUNTU-CVE-2021-23382

The package postcss before 8.2.13 is vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL and loadAnnotation in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern /\s sourceMappingURL=...

CVSS 7.5 | AI score 7.2 | EPSS 0.02508
Exploits 1 | References 6

CVE
added 2021/04/26 3:30 p.m. | 153 views

CVE-2021-23382

CVE-2021-23382 : IBM Storage Defender Copy Data Management (2.2.0.0–2.2.27.0) includes PostCSS vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The issue stems from vulnerable regex patterns (notably /*\s sourceMappingU...

CVSS 7.5 | AI score 6.2 | EPSS 0.02508
Exploits 1 | References 3 | Affected Software 1