Lucene search
GoogleOSV:GHSA-PRR3-C3M5-P7Q2HistoryNov 30, 2023 - 7:51 p.m.
@adobe/css-tools Improper Input Validation and Inefficient Regular Expression Complexity
2023-11-3019:51:29
Google
osv.dev
5
adobe css tools
improper input validation
denial of service
inefficient regular expression complexity
vulnerability
patch
software
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
7
Confidence
High
EPSS
0.001
Percentile
28.6%
Impact
@adobe/css-tools version 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS.
Patches
The issue has been resolved in 4.3.2.
Workarounds
None
References
N/A
Related
mscve
mscve
prion
prion
Input validation
2023-12-14 13:15:00
redhatcve
redhatcve
CVE-2023-48631
2023-12-14 16:14:04
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2023-12-01 07:53:53
cvelist
cvelist
cve
cve
CVE-2023-48631
2023-12-14 13:15:54
github
github
gitlab
gitlab
nvd
nvd
CVE-2023-48631
2023-12-14 13:15:54
redhat
redhat
ibm
ibm
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
7
Confidence
High
EPSS
0.001
Percentile
28.6%
Related for OSV:GHSA-PRR3-C3M5-P7Q2