CVE-2021-23382

Uncontrolled Resource Consumption in npm/postcss

Identifier

CVE-2021-23382

Package Slug

npm/postcss

Vulnerability

Uncontrolled Resource Consumption

Description

The package postcss are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js.

Affected Versions

All versions before 8.2.13

Solution

Upgrade to version 8.2.13 or above.

Last Modified

2021-05-05

source