CVE-2021-23368

Regular Expression Denial of Service in postcss

The npm package `postcss`, in versions from 7.0.0 before 7.0.36 and from 8.0.0 before 8.2.10, is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Vulnerability Details

Score: 5.3
Score Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Versions: postcss >= 7.0.0 < 7.0.36; postcss >= 8.0.0 < 8.2.10
Severity: Medium
Ecosystem: JavaScript
Publish Date: May 10, 2021
Modified Date: January 14, 2025