Regular Expression Denial of Service in postcss
Moderate severity
GitHub Reviewed
Published
May 10, 2021
•
Updated Jun 15, 2021
Package
Affected versions
>= 7.0.0, < 7.0.36
>= 8.0.0, < 8.2.10
Patched versions
7.0.36
8.2.10
The npm package
postcss
from 7.0.0 and before versions 7.0.36 and 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.References