Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:postcss:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorN/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78)
ProductPostcss (190612f7-9e8d-5e96-b261-622a3b988f70)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2021-23382 vulnerable 2026-06-08 05:30:02.829800 Regular Expression Denial of Service (ReDoS)
MEDIUM (5.3)
The package postcss before 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \/\*\s* sourceMappingURL=(.*).
Published: 2021-04-26T15:30:26.301Z
Updated: 2024-09-16T23:26:53.744Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-23368 vulnerable 2026-06-08 05:30:02.804909 Regular Expression Denial of Service (ReDoS)
MEDIUM (5.3)
The package postcss from 7.0.0 and before 8.2.10 are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.
Published: 2021-04-12T13:50:14.764Z
Updated: 2024-09-16T17:27:47.659Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.