Description
The npm package postcss from 7.0.0 and before versions 7.0.36 and 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.
Recommendation
Update the postcss package to the latest compatible version. Followings are version details:
Affected version(s): **>= 8.0.0, < 8.2.10 >= 7.0.0, < 7.0.36** Patched version(s): **8.2.10 7.0.36**
References
Related Issues
- Regular Expression Denial of Service in postcss - CVE-2021-23382
- Regular Expression Denial of Service in browserslist - CVE-2021-23364
- Regular Expression Denial of Service in jquery-validation - CVE-2021-21252
- Regular Expression Denial of Service (REDoS) in Marked - CVE-2021-21306
You might also like:
- Tags:
- npm
- postcss
Anything's wrong? Let us know Last updated on February 01, 2023


