exploitDog

CVE-2021-23382

Published: 26 Apr 2021
Source: debian
EPSS: Low

Description

The package postcss before 8.2.13 is vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \/\*\s* sourceMappingURL=(.*).

Packages

Package       Status  Fixed version      Release  Type
node-postcss  fixed   8.2.1+~cs5.3.23-7  -        package
node-postcss  no-dsa  -                  buster   package

Notes

  • https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640

  • https://github.com/postcss/postcss/commit/2ad1ca9b965dde32223bee28dc259c339cbaaa05 (8.2.13)

EPSS

Percentile: 22%
0.00071
Low

Related vulnerabilities

CVSS3: 5.3
ubuntu
almost 5 years ago

The package postcss before 8.2.13 is vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \/\*\s* sourceMappingURL=(.*).

CVSS3: 5.3
redhat
almost 5 years ago

The package postcss before 8.2.13 is vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \/\*\s* sourceMappingURL=(.*).

CVSS3: 5.3
nvd
almost 5 years ago

The package postcss before 8.2.13 is vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \/\*\s* sourceMappingURL=(.*).

CVSS3: 5.3
github
about 4 years ago

Regular Expression Denial of Service in postcss
