GHSA-566M-QJ78-RWW5 Regular Expression Denial of Service in postcss
Versions of the postcss package before 7.0.36 or between 8.0.0 and 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL and loadAnnotation in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern regex /\s sourceMappingURL=. PoC js var...
CVE-2021-23382
Versions of the postcss package before 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL and loadAnnotation in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern /\s sourceMappingURL=...
PT-2021-15478 · Postcss · Postcss
Name of the Vulnerable Software and Affected Versions: postcss versions prior to 7.0.36; postcss versions 8.0.0 through 8.2.13. Description: The issue is related to Regular Expression Denial of Service (ReDoS) via the getAnnotationURL and loadAnnotation functions in lib/previous-map.js. The vulnerabl...