CVE-2021-23368

A regular expression denial of service ReDoS vulnerability was found in the npm library postcss. When parsing a supplied CSS string, if it contains an unexpected value then as the supplied CSS grows in length it will take an ever increasing amount of time to process. An attacker can use this...

CVE-2021-23368

The package postcss from 7.0.0 and before 8.2.10 are vulnerable to Regular Expression Denial of Service ReDoS during source map parsing...

DEBIAN-CVE-2021-23368

The package postcss from 7.0.0 and before 8.2.10 are vulnerable to Regular Expression Denial of Service ReDoS during source map parsing...

CVE-2021-23368

The package postcss from 7.0.0 and before 8.2.10 are vulnerable to Regular Expression Denial of Service ReDoS during source map parsing...

CVE-2021-23368

The package postcss from 7.0.0 and before 8.2.10 are vulnerable to Regular Expression Denial of Service ReDoS during source map parsing...

Code injection

The package postcss from 7.0.0 and before 8.2.10 are vulnerable to Regular Expression Denial of Service ReDoS during source map parsing...

UBUNTU-CVE-2021-23368

The package postcss from 7.0.0 and before 8.2.10 are vulnerable to Regular Expression Denial of Service ReDoS during source map parsing...

CVE-2021-23368

CVE-2021-23368 concerns the PostCSS package: versions 7.0.0 up to, but not including, 8.2.10 are vulnerable to a Regular Expression Denial of Service (ReDoS) during source map parsing. The connected documents confirm this vulnerability and link it to the Node.js/npm ecosystem, but do not provide ...

CVE-2021-23368 Regular Expression Denial of Service (ReDoS)

The package postcss from 7.0.0 and before 8.2.10 are vulnerable to Regular Expression Denial of Service ReDoS during source map parsing...

CVE-2021-23368

The package postcss from 7.0.0 and before 8.2.10 are vulnerable to Regular Expression Denial of Service ReDoS during source map parsing...

Andrey Sitnik postcss 安全漏洞

Andrey Sitnik postcss is an open source application by Andrey Sitnik . Used to use the JS plugin to convert the style of the tool . Andrey Sitnik postcss version 7.0.0 and 8.2.10 before a security vulnerability that can be exploited by attackers to cause a denial of service...

-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0x0.icu.anima (=0.1.0) +9336 more potentially affected by CVE-2021-23368 via postcss (>=7.0.0 <=7.0.35)

postcss NPM version =7.0.0, =1.0.1, =1.0.1, =0.1.0, =0.1.2, =0.1.0, =0.1.0, =0.1.1, =1.0.0, =3.4.2 and more Source cves: CVE-2021-23368 Source advisory: SNYK:JS-POSTCSS-1090595...

Regular Expression Denial of Service (ReDoS)

Overview postcss is a PostCSS is a tool for transforming styles with JS plugins. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS during source map parsing. PoC var postcss = require"postcss" function buildattackn var ret = "a/ sourceMappingURL=" for...

@100mslive/hms-video-react (>=0.3.27 <=0.3.59), @aagames-fe/google-translate (>=0.0.2 <=0.0.14) +371 more potentially affected by CVE-2021-23368 via postcss (>=8.0.0 <=8.2.1)

postcss NPM version =8.0.0, =0.3.27, =0.0.2, =1.1.0, =0.1101.0-next.0, =0.30.7-danger.689b7beb.20, =0.33.2-danger.94e2a1914.37, =0.25.0, =0.2.19, =2.0.174, =2.0.174, =2.0.174, =2.6.25 and more Source cves: CVE-2021-23368 Source advisory: SNYK:JS-POSTCSS-1090595...