Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-8263

Опубликовано: 28 июл. 2025
Источник: redhat
CVSS3: 5.3
EPSS Низкий

Описание

A vulnerability was found in prettier up to 3.6.2. It has been declared as problematic. Affected by this vulnerability is the function parseNestedCSS of the file src/language-css/parser-postcss.js. The manipulation of the argument node leads to inefficient regular expression complexity. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

A regular expression denial of service flaw has been discovered in the prettier code formatter tool. This flaw allows and attacker who has access to input source files to induce a denial of service.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Cryostat 4io.cryostat-cryostatFix deferred
Migration Toolkit for Virtualizationmigration-toolkit-virtualization/mtv-console-plugin-rhel9Fix deferred
Migration Toolkit for Virtualizationmtv-candidate/mtv-console-plugin-rhel9Fix deferred
Multicluster Global Hubmulticluster-globalhub/multicluster-globalhub-grafana-rhel9Fix deferred
Network Observability Operatornetwork-observability/network-observability-console-plugin-compat-rhel9Fix deferred
Network Observability Operatornetwork-observability/network-observability-console-plugin-rhel9Fix deferred
OpenShift Lightspeedopenshift-lightspeed/lightspeed-console-plugin-rhel9Fix deferred
OpenShift Pipelinesopenshift-pipelines/pipelines-console-plugin-rhel8Fix deferred
OpenShift Pipelinesopenshift-pipelines/pipelines-console-plugin-rhel9Fix deferred
OpenShift Pipelinesopenshift-pipelines/pipelines-hub-api-rhel8Fix deferred

Показывать по

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-1333
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=2383844prettier: prettier parseNestedCSS ReDoS

EPSS

Процентиль: 11%
0.00039
Низкий

5.3 Medium

CVSS3

Связанные уязвимости

CVSS3: 4.3
nvd
6 дней назад

A vulnerability was found in prettier up to 3.6.2. It has been declared as problematic. Affected by this vulnerability is the function parseNestedCSS of the file src/language-css/parser-postcss.js. The manipulation of the argument node leads to inefficient regular expression complexity. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS3: 4.3
debian
6 дней назад

A vulnerability was found in prettier up to 3.6.2. It has been declare ...

CVSS3: 4.3
github
6 дней назад

A vulnerability was found in prettier up to 3.6.2. It has been declared as problematic. Affected by this vulnerability is the function parseNestedCSS of the file src/language-css/parser-postcss.js. The manipulation of the argument node leads to inefficient regular expression complexity. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

EPSS

Процентиль: 11%
0.00039
Низкий

5.3 Medium

CVSS3