Andrey Sitnik postcss 安全漏洞

Andrey Sitnik postcss is an open source application by Andrey Sitnik . Used to use the JS plugin to convert the style of the tool . Andrey Sitnik postcss version 7.0.0 and 8.2.10 before a security vulnerability that can be exploited by attackers to cause a denial of service...

-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0x0.icu.anima (=0.1.0) +9334 more potentially affected by CVE-2021-23368 via postcss (>=7.0.0 <=7.0.35)

postcss NPM version =7.0.0, =1.0.1, =1.0.1, =0.1.0, =0.1.2, =0.1.0, =0.1.0, =0.1.1, =1.0.0, =3.4.2 and more Source cves: CVE-2021-23368 Source advisory: SNYK:JS-POSTCSS-1090595...

@100mslive/hms-video-react (>=0.3.27 <=0.3.59), @aagames-fe/google-translate (>=0.0.2 <=0.0.14) +371 more potentially affected by CVE-2021-23368 via postcss (>=8.0.0 <=8.2.1)

postcss NPM version =8.0.0, =0.3.27, =0.0.2, =1.1.0, =0.1101.0-next.0, =0.30.7-danger.689b7beb.20, =0.33.2-danger.94e2a1914.37, =0.25.0, =0.2.19, =2.0.174, =2.0.174, =2.0.174, =2.6.25 and more Source cves: CVE-2021-23368 Source advisory: SNYK:JS-POSTCSS-1090595...

Regular Expression Denial of Service (ReDoS)

Overview postcss is a PostCSS is a tool for transforming styles with JS plugins. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS during source map parsing. PoC var postcss = require"postcss" function buildattackn var ret = "a/ sourceMappingURL=" for...