CVE-2021-23382

Uncontrolled Resource Consumption in npm/postcss

Identifiers

CVE-2021-23382

Package Slug

npm/postcss

Vulnerability

Uncontrolled Resource Consumption

Description

The package postcss is vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js.

Affected Versions

All versions before 7.0.36, and all versions from 8.0.0 up to but not including 8.2.13

Solution

Upgrade to version 7.0.36, 8.2.13 or above.
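
To find out whether a project still resolves an affected postcss copy, including ones nested under other packages, the check below walks a parsed package-lock.json and applies the ranges listed above. It is an added example, not part of the advisory or of postcss; the function names and the sample lockfile are constructed for illustration, and pre-release suffixes are ignored as a simplifying assumption.

```javascript
// Parse "major.minor.patch"; pre-release/build suffixes are ignored (simplification).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function lessThan(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i];
  return false;
}

// true = affected (< 7.0.36, or >= 8.0.0 and < 8.2.13), false = fixed,
// null = version string could not be parsed and needs a manual look.
function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return null;
  return lessThan(v, [7, 0, 36]) || (v[0] >= 8 && lessThan(v, [8, 2, 13]));
}

function findAffected(lock) {
  const hits = [];
  const check = (where, version) => {
    const affected = isAffected(version);
    if (affected !== false) hits.push({ where, version, affected });
  };
  if (lock.packages) { // lockfileVersion 2/3: flat map keyed by install path
    for (const [key, pkg] of Object.entries(lock.packages)) {
      const isPostcss = key === 'node_modules/postcss' || key.endsWith('/node_modules/postcss');
      if (isPostcss) check(key, pkg.version);
    }
    return hits;
  }
  const walk = (deps, trail) => { // lockfileVersion 1: nested "dependencies"
    for (const [name, dep] of Object.entries(deps || {})) {
      const where = trail ? `${trail} > ${name}` : name;
      if (name === 'postcss') check(where, dep.version);
      walk(dep.dependencies, where);
    }
  };
  walk(lock.dependencies, '');
  return hits;
}
// Constructed sample lockfile (tool-a and tool-b are hypothetical packages).
const sampleLock = { lockfileVersion: 2, packages: {
  '': { name: 'demo-app', version: '1.0.0' },
  'node_modules/postcss': { version: '8.2.13' },
  'node_modules/tool-a/node_modules/postcss': { version: '7.0.35' },
  'node_modules/tool-b/node_modules/postcss': { version: '8.1.4' },
} };
console.log(findAffected(sampleLock));
```

Entries reported with affected set to null (for example git or link dependencies with no plain version) were not matched against the ranges and should be checked by hand.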

Last Modified

2021-05-05
