Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-26364

Опубликовано: 17 нояб. 2023
Источник: redhat
CVSS3: 5.3
EPSS Низкий

Описание

@adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a minor denial of service while attempting to parse CSS. Exploitation of this issue does not require user interaction or privileges.

A flaw was found in Adobe CSS Tools. An improper input validation could result in a minor denial of service while parsing a malicious CSS with the parse component. User interaction and privileges are not required to jeopardize an environment.

Меры по смягчению последствий

No mitigation is yet available for this vulnerability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Cryostat 2css-toolsNot affected
Migration Toolkit for Applications 6mta/mta-ui-rhel9Will not fix
Migration Toolkit for Virtualizationmigration-toolkit-virtualization/mtv-console-plugin-rhel9Not affected
OpenShift Pipelinesopenshift-pipelines/pipelines-hub-api-rhel8Affected
OpenShift Pipelinesopenshift-pipelines/pipelines-hub-db-migration-rhel8Affected
OpenShift Pipelinesopenshift-pipelines/pipelines-hub-ui-rhel8Affected
Red Hat Advanced Cluster Management for Kubernetes 2rhacm2/console-rhel8Not affected
Red Hat Ansible Automation Platform 2aap-cloud-ui-containerNot affected
Red Hat build of OptaPlanner 8css-toolsWill not fix
Red Hat Data Grid 8css-toolsNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=2250364css-tools: Improper Input Validation causes Denial of Service via Regular Expression

EPSS

Процентиль: 38%
0.00168
Низкий

5.3 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2023-26364

CVSS3: 5.3
nvd
около 2 лет назад

@adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a minor denial of service while attempting to parse CSS. Exploitation of this issue does not require user interaction or privileges.

github логотип

GHSA-hpx4-r86g-5jrg

CVSS3: 5
github
больше 2 лет назад

@adobe/css-tools Regular Expression Denial of Service (ReDOS) while Parsing CSS

fstec логотип

BDU:2023-08268

CVSS3: 5.3
fstec
больше 2 лет назад

Уязвимость CSS-парсера для Node.js css-tools, связанная с недостаточной проверкой входных данных, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 38%
0.00168
Низкий

5.3 Medium

CVSS3