GHSA-hpx4-r86g-5jrg: @adobe/css-tools Regular Expression Denial of Service (ReDOS) while Parsing CSS

Impact

@adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS.

Patches

The issue has been resolved in 4.3.1.

Workarounds

None

References

N/A

Moderate severity GitHub Reviewed Published Aug 29, 2023 in adobe/css-tools • Updated Aug 29, 2023

Package

@adobe/css-tools (npm)

Affected versions

< 4.3.1

References

  • GHSA-hpx4-r86g-5jrg
  • adobe/css-tools@2b09a25

Published to the GitHub Advisory Database: Aug 29, 2023

Last updated: Aug 29, 2023

Related news

Red Hat Security Advisory 2024-3989-03

Red Hat Security Advisory 2024-3989-03 - Migration Toolkit for Applications 6.2.3 release. Issues addressed include denial of service, memory leak, and password leak vulnerabilities.

Red Hat Security Advisory 2024-3919-03

Red Hat Security Advisory 2024-3919-03 - Migration Toolkit for Runtimes 1.2.6 release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include denial of service and spoofing vulnerabilities.

CVE-2023-26364: Regular Expression Denial of Service (ReDOS) while Parsing CSS

@adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a minor denial of service while attempting to parse CSS. Exploitation of this issue does not require user interaction or privileges.