CVE-2021-23368

Regular Expression Denial of Service in postcss

Description

The npm package postcss from 7.0.0 and before versions 7.0.36 and 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.

Patch Available

Fix available through Seal Security.  
No upgrade required, protect your application instantly.

Fix without upgrading

Score

Severity

Ecosystem

JavaScript

Publish Date

May 10, 2021

Modified Date

January 14, 2025

Score Vector

Affected Versions