vulnerability
Ubuntu: (CVE-2021-23368): node-postcss vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Apr 12, 2021 | Jun 26, 2025 | Jun 26, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
Apr 12, 2021
Added
Jun 26, 2025
Modified
Jun 26, 2025
Description
The package postcss from 7.0.0 and before 8.2.10 are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.
Solution
no-fix-ubuntu-package
References
- CVE-2021-23368
- https://attackerkb.com/topics/CVE-2021-23368
- URL-https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4
- URL-https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5
- URL-https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1244795
- URL-https://snyk.io/vuln/SNYK-JS-POSTCSS-1090595
- URL-https://www.cve.org/CVERecord?id=CVE-2021-23368
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.