CVE-2023-26364: @adobe/css-tools Regular Expression Denial of Service (ReDOS) while Parsing CSS

November 17, 2023 (updated November 24, 2023)

Impact

@adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS.

Patches

The issue has been resolved in 4.3.1.

Workarounds

None

References

N/A

References

github.com/adobe/css-tools/commit/2b09a25d1dbdbb16fe80065e4c9beb5623ee5793
github.com/adobe/css-tools/security/advisories/GHSA-hpx4-r86g-5jrg
github.com/advisories/GHSA-hpx4-r86g-5jrg

Detect and mitigate CVE-2023-26364 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →