CVE-2021-23368

MEDIUM

Postcss < 7.0.36 - Denial of Service

Title source: rule

Description

The postcss package, from 7.0.0 and before 8.2.10, is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.

References (10)

Core References
Exploit, Patch, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JS-POSTCSS-1090595
Exploit, Patch, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1244795

Scores

CVSS v3 5.3
EPSS 0.0032
EPSS Percentile 54.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Details

Status published
Products (2)
npm/postcss 7.0.0 - 7.0.36 (npm)
postcss/postcss 7.0.0 - 7.0.36
Published Apr 12, 2021
Tracked Since Feb 18, 2026