This repository has been archived by the owner on Feb 18, 2022. It is now read-only.

Security Alert - Package: postcss; Severity: MODERATE #795


phenggeler commented Jan 25, 2022

    Affected package: postcss
    Ecosystem: NPM
    Affected version range: < 8.2.13

    Summary: Regular Expression Denial of Service in postcss
    Description: The package postcss before 8.2.13 is vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \/\*\s* sourceMappingURL=(.*).
    Identifiers: GHSA-566m-qj78-rww5, CVE-2021-23382

    Fixed Version: 8.2.13
    Created Date: January 25, 2022

    ---

    Affected package: postcss
    Ecosystem: NPM
    Affected version range: >= 7.0.0, < 7.0.36

    Summary: Regular Expression Denial of Service in postcss
    Description: The npm package `postcss` from 7.0.0 and before versions 7.0.36 and 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.
    Identifiers: GHSA-hwj9-h5mp-3pm3, CVE-2021-23368

    Fixed Version: 7.0.36
    Created Date: January 25, 2022