CVE-2021-23368 (Medium) detected in postcss-8.2.4.tgz, postcss-7.0.35.tgz - autoclosed #67
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
security vulnerability
mend-bolt-for-github
bot
changed the title
|
ℹ️ This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #70 |
|
ℹ️ This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #72 |
2 similar comments
|
ℹ️ This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #72 |
|
ℹ️ This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #72 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2021-23368 - Medium Severity Vulnerability
postcss-8.2.4.tgz
Tool for transforming styles with JS plugins
Library home page: https://registry.npmjs.org/postcss/-/postcss-8.2.4.tgz
Path to dependency file: js-snackbar/package.json
Path to vulnerable library: js-snackbar/node_modules/postcss/package.json,js-snackbar/node_modules/postcss/package.json
Dependency Hierarchy:
postcss-7.0.35.tgz
Tool for transforming styles with JS plugins
Library home page: https://registry.npmjs.org/postcss/-/postcss-7.0.35.tgz
Path to dependency file: js-snackbar/package.json
Path to vulnerable library: js-snackbar/node_modules/postcss-discard-overridden/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-normalize-display-values/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-minify-params/node_modules/postcss/package.json,js-snackbar/node_modules/cssnano/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-normalize-timing-functions/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-normalize-display-values/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-normalize-repeat-style/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-svgo/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-svgo/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-reduce-transforms/node_modules/postcss/package.json,js-snackbar/node_modules/cssnano-preset-default/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-calc/node_modules/postcss/package.json,js-snackbar/node_modules/cssnano-preset-default/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-normalize-whitespace/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-normalize-unicode/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-reduce-transforms/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-colormin/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-normalize-url/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-reduce-initial/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-minify-params/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-ordered-values/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-normalize-charset/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-calc/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-discard-overridden/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-colormin/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-normalize-string/node_modules/postcss/package.json,js-snackbar/node_modules/cssnano-util-raw-cache/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-normalize-string/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-discard-comments/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-unique-selectors/node_modules/postcss/package.json,js-snackbar/node_modules/css-declaration-sorter/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-minify-font-values/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-discard-empty/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-convert-values/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-convert-values/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-merge-rules/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-normalize-charset/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-normalize-positions/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-normalize-positions/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-minify-selectors/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-minify-selectors/node_modules/postcss/package.json,js-snackbar/node_modules/cssnano-util-raw-cache/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-ordered-values/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-discard-comments/node_modules/postcss/package.json,js-snackbar/node_modules/stylehacks/node_modules/postcss/package.json,js-snackbar/node_modules/stylehacks/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-discard-duplicates/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-discard-empty/node_modules/postcss/package.json,js-snackbar/node_modules/css-declaration-sorter/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-reduce-initial/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-unique-selectors/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-normalize-url/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-minify-gradients/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-normalize-timing-functions/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-normalize-repeat-style/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-merge-rules/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-merge-longhand/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-merge-longhand/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-normalize-unicode/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-normalize-whitespace/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-discard-duplicates/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-minify-gradients/node_modules/postcss/package.json,js-snackbar/node_modules/cssnano/node_modules/postcss/package.json,js-snackbar/node_modules/postcss-minify-font-values/node_modules/postcss/package.json
Dependency Hierarchy:
Found in HEAD commit: b35b12e4b75552332fefa13fbaab6aeafccb3a81
Found in base branch: master
The package postcss from 7.0.0 and before 8.2.10 are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.
Publish Date: 2021-04-12
URL: CVE-2021-23368
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23368
Release Date: 2021-04-12
Fix Resolution: postcss -8.2.10
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: