CVE-2021-23368

MEDIUM

postcss 7.0.0-7.0.35 - Regular Expression Denial of Service in Source Map Parsing

Title source: llm

Description

The package postcss from 7.0.0 and before 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.

References (10)

Core References
Exploit, Patch, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JS-POSTCSS-1090595
Exploit, Patch, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1244795

Scores

CVSS v3 5.3
EPSS 0.0354
EPSS Percentile 87.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Details

Status published
Products (2)
npm/postcss 7.0.0 - 7.0.36 (npm)
postcss/postcss 7.0.0 - 7.0.36
Published Apr 12, 2021
Tracked Since Feb 18, 2026