Lucene search
Veracode Vulnerability DatabaseVERACODE:30173HistoryApr 27, 2021 - 4:38 a.m.
Regular Expression Denial Of Service (ReDoS)
2021-04-2704:38:01
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
0.002 Low
EPSS
Percentile
58.6%
postcss is vulnerable to regular expression denial of service. The vulnerability exists due to the insecure usage of regex sub-pattern \/\\*\s* sourceMappingURL=(.*) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js.
| CPE | Name | Operator | Version |
|---|---|---|---|
| postcss | le | 8.2.10 | |
| postcss | le | 8.2.12 | |
| postcss | le | 7.0.30 | |
| node-postcss:sid | eq | 7.0.34-1 | |
| node-postcss:bullseye | eq | 8.2.1+~cs5.3.23-5 | |
| node-postcss:bullseye | eq | 7.0.34-1 |
Related
cve
cve
CVE-2021-23382
2021-04-26 16:15:07
cvelist
cvelist
CVE-2021-23382 Regular Expression Denial of Service (ReDoS)
2021-04-26 00:00:00
redhatcve
redhatcve
CVE-2021-23382
2021-04-27 17:16:11
ubuntucve
ubuntucve
CVE-2021-23382
2021-04-26 00:00:00
prion
prion
Code injection
2021-04-26 16:15:00
github
github
Regular Expression Denial of Service in postcss
2022-01-07 00:21:36
osv
osv
Regular Expression Denial of Service in postcss
2022-01-07 00:21:36
CVE-2021-23382
2021-04-26 16:15:07
nvd
nvd
CVE-2021-23382
2021-04-26 16:15:07
debiancve
debiancve
CVE-2021-23382
2021-04-26 16:15:07
ibm
ibm
redhat
redhat
nessus
nessus
Splunk Enterprise < 8.1.14, 8.2.0 < 8.2.11, 9.0.0 < 9.0.5 (SVD-2023-0613)
2024-05-02 00:00:00