18 matches found
MAL-2026-5837 Malicious code in postcss-minify-selector (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1bc7341d6762a6209e4bde3d99f31f1a8650b6971e64a19547b9f35e7a51abb3 Package is published as postcss-minify-selector singular but its internal postcss plugin identifier is postcss-minify-selectors plural — the canonica...
MAL-2026-5737 Malicious code in postcss-minify-selector-parser (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 957f5cbb74f4dd4b4770e8c9cc1a8aac88a4450cb01dbc0fa5242c42e343f54c The package name impersonates the widely-used postcss-selector-parser library which it also declares as a dependency and re-exports verbatim from...
Malicious code in postcss-minify-selector-parser (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 957f5cbb74f4dd4b4770e8c9cc1a8aac88a4450cb01dbc0fa5242c42e343f54c The package name impersonates the widely-used postcss-selector-parser library which it also declares as a dependency and re-exports verbatim from...
org.webjars.npm:coreui__coreui (=4.2.1), org.webjars.npm:css-loader (>=2.1.0 <=6.7.2) +19 more potentially affected by CVE-2026-9358 via org.webjars.npm:postcss-selector-parser (>=4.0.0-rc.1 <=7.1.0)
org.webjars.npm:postcss-selector-parser MAVEN version =4.0.0-rc.1, =2.1.0, =3.1.0, =7.0.1, =4.0.2, =2.0.6, =2.1.0, =4.1.2, =6.2.0 and more Source cves: CVE-2026-9358 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16873883...
Uncontrolled Recursion
Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the toString function in the AST Serialization. An attacker can cause uncontrolled recursion by providing specially crafted input, potentially resulting in resource exhaustion and application unavailability...
Uncontrolled Recursion
Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the toString function in the AST Serialization. An attacker can cause uncontrolled recursion by providing specially crafted input, potentially resulting in resource exhaustion and application unavailability...
UBUNTU-CVE-2026-9358
A vulnerability was determined in postcss-selector-parser up to 6.1.2/7.1.2. Affected is the function toString of the file src/selectors/container.js of the component AST Serialization. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack remotely. The...
EUVD-2023-0554
Malicious code in bioql PyPI...
USN-6065-1: css-what vulnerabilities
It was discovered that css-what incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. CVE-2021-33587, CVE-2022-21222...
GHSA-V63Q-HGQC-QVPG MooTools Regular Expression Denial of Service
MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service ReDoS. An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite...
DEBIAN-CVE-2021-32821
MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service ReDoS. An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite...
UBUNTU-CVE-2021-32821
MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service ReDoS. An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite...
CVE-2021-32821
CVE-2021-32821 affects MooTools (JavaScript utilities). The issue is a vulnerability in MooTools’ CSS selector parser, where a crafted CSS selector can trigger a Regular Expression Denial of Service (ReDoS) at runtime. Exploitation requires injecting a string into a selector (e.g., via runtime qu...
mootools 资源管理错误漏洞
mootools is a library for web development with OOP support. A resource management error vulnerability exists in mootools, which stems from a CSS selector parser that includes a vulnerability to Regular Expression Denial of Service ReDoS attacks, which can be exploited to inject strings into CSS...
PT-2023-12174 · Mootools +1 · Mootools +1
Name of the Vulnerable Software and Affected Versions: MooTools versions all known versions Description: The issue concerns a CSS selector parser in MooTools that is vulnerable to Regular Expression Denial of Service ReDoS. An attack can occur if an attacker can inject a string into a CSS selecto...
CVE-2021-32821 Regular expression Denial of Service in MooTools
MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service ReDoS. An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite...
Unspecified vulnerability in css-what
css-what is a CSS selector parser. A security vulnerability exists in css-what versions prior to 5.0.1, which stems from the fact that the css-what package does not ensure that property parsing has linear time complexity with respect to input size. No details of the vulnerability are available at...
libcroco Denial of Service Vulnerability (CNVD-2017-11760)
libcroco is a CSS2 parsing library. A security vulnerability exists in the 'crparserparseselectorcore' function of the cr-parser.c file in libcroco version 0.6.12. A remote attacker can exploit this vulnerability to cause a denial of service infinite loop and CPU consumption with the help of a...