postcss is vulnerable to regular expression denial of service. The vulnerability exists due to the insecure usage of regex sub-pattern \/\\*\s* sourceMappingURL=(.*)
via getAnnotationURL()
and loadAnnotation()
in lib/previous-map.js
.
CPE | Name | Operator | Version |
---|---|---|---|
postcss | le | 8.2.10 | |
postcss | le | 8.2.12 | |
postcss | le | 7.0.30 | |
node-postcss:sid | eq | 7.0.34-1 | |
node-postcss:bullseye | eq | 8.2.1+~cs5.3.23-5 | |
node-postcss:bullseye | eq | 7.0.34-1 |