advisory-database[bot] authored Feb 23, 2022
1 parent 75c542f commit df3034d
Showing 1 changed file with 26 additions and 3 deletions.
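--- a/GHSA-566m-qj78-rww5.json
+++ b/GHSA-566m-qj78-rww5.json
@@ -1,13 +1,13 @@
 {
 "schema_version": "1.2.0",
 "id": "GHSA-566m-qj78-rww5",
-"modified": "2021-05-20T21:23:19Z",
+"modified": "2022-02-23T20:31:15Z",
 "published": "2022-01-07T00:21:36Z",
 "aliases": [
 "CVE-2021-23382"
 ],
 "summary": "Regular Expression Denial of Service in postcss",
-"details": "The package postcss before 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \\/\\*\\s* sourceMappingURL=(.*).",
+"details": "The package postcss versions before 7.0.36 or between 8.0.0 and 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \\/\\*\\s* sourceMappingURL=(.*).",
 "severity": [
 {
 "type": "CVSS_V3",
@@ -25,14 +25,33 @@
 "type": "ECOSYSTEM",
 "events": [
 {
-"introduced": "0"
+"introduced": "8.0.0"
 },
 {
 "fixed": "8.2.13"
 }
 ]
 }
 ]
 },
+{
+"package": {
+"ecosystem": "npm",
+"name": "postcss"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "7.0.36"
+}
+]
+}
+]
+}
 ],
 "references": [
@@ -44,6 +63,10 @@
 "type": "WEB",
 "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956"
 },
+{
+"type": "WEB",
+"url": "https://github.com/postcss/postcss/releases/tag/7.0.36"
+},
 {
 "type": "WEB",
 "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1255641"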
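Review bot: The new `details` string in the first hunk says versions "between 8.0.0 and 8.2.13" are vulnerable, which reads as inclusive, while the machine-readable range in the second hunk is half-open (`"introduced": "8.0.0"`, `"fixed": "8.2.13"`), so 8.2.13 itself is the patched release. To keep the prose and the ranges in agreement I would phrase it `"versions before 7.0.36, and versions from 8.0.0 up to but not including 8.2.13, are vulnerable to Regular Expression Denial of Service (ReDoS) ..."`. Note also that the added 7.x entry uses `"introduced": "0"`, so every release below 7.0.36, whatever its major version, is flagged with 7.0.36 as the only fix on that side; that is consistent with the 7.0.36 release reference added in the last hunk, but it means consumers on an older major line will keep alerting until they cross to 7.0.36 or 8.2.13, which the advisory text could state explicitly. Only the `details` text and the affected ranges are visible here; the `severity` vector and any `database_specific` fields lie outside the hunks.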
