CVE-2021-23382
npm/postcss
Uncontrolled Resource Consumption
The package postcss is vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL()
and loadAnnotation()
in lib/previous-map.js
.
All versions before 7.0.36, all versions starting from 8.0.0 before 8.2.13
Upgrade to versions 7.0.36, 8.2.13 or above.
2021-05-05
source |