.avif)
View all vulnerabilities
CVE-2021-23368
Regular Expression Denial of Service in postcss
Description
The npm package `postcss` from 7.0.0 and before versions 7.0.36 and 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.
Patch Available
Fix available through Seal Security. No upgrade required, protect your application instantly.
Fix without upgradingVulnerability Details
Score
5.3
Score Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Versions
postcss >= 7.0.0 < 7.0.36; postcss >= 8.0.0 < 8.2.10
Severity
Medium
Medium
Medium
Ecosystem
JavaScript
Publish Date
May 10, 2021
Modified Date
January 14, 2025