Security vulnerability in postcss@6.0.2 CVE-2021-23382 is detected via the following package dependency path:
rtlcss@2.6.2 ➔ postcss@6.0.2
The vulnerability in postcss@6.0.2 has been resolved in version 8.2.13, 7.0.36 or higher
rtlcss has also resolved the dependency on postcss@6.0.2 by upgrading to postcss@^8.2.1 with the release of version 3.x
Description of Vulnerability:
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \/\*\s*# sourceMappingURL=(.*).
Solution:
Upgrade rtlcss ^2.6.2 ➔ ^3.0.0
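To confirm whether a project still resolves an affected postcss through rtlcss or any other package, the lockfile can be walked for postcss copies below the fixed versions named above. This is an added example, not code from rtlcss or postcss; it assumes the nested `dependencies` layout of an npm v1 lockfile, and the sample data and the package names `example-plugin` and `old-tool` are constructed.

```javascript
// Fixed releases as stated in the advisory text: 7.0.36 on the 7.x line, 8.2.13 on the 8.x line.
const FIXED = { 7: [7, 0, 36], 8: [8, 2, 13] };

function parseVersion(v) {
  // Drop any prerelease/build suffix and split into numeric parts.
  return v.split(/[-+]/)[0].split('.').map(Number);
}

function isVulnerable(version) {
  const [major, minor = 0, patch = 0] = parseVersion(version);
  if (major < 7) return true;   // no fixed release listed for these lines (e.g. 6.0.2)
  if (major > 8) return false;
  const [, fMinor, fPatch] = FIXED[major];
  return minor < fMinor || (minor === fMinor && patch < fPatch);
}

// Walk the nested "dependencies" tree and record the chain of packages
// leading to each affected postcss copy. A hoisted copy shows up with a
// one-element chain, so its parent must then be found via `npm ls postcss`.
function findVulnerablePostcss(node, trail = []) {
  const hits = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const path = [...trail, `${name}@${dep.version}`];
    if (name === 'postcss' && isVulnerable(dep.version)) {
      hits.push(path.join(' -> '));
    }
    hits.push(...findVulnerablePostcss(dep, path));
  }
  return hits;
}

// Constructed sample lockfile fragment (not taken from a real project).
const sampleLock = {
  dependencies: {
    rtlcss: { version: '2.6.2', dependencies: { postcss: { version: '6.0.2' } } },
    'example-plugin': { version: '1.0.0', dependencies: { postcss: { version: '8.2.13' } } },
    'old-tool': { version: '1.0.0', dependencies: { postcss: { version: '7.0.35' } } },
  },
};

console.log(findVulnerablePostcss(sampleLock));
```

In a real project, pass the parsed contents of `package-lock.json` instead of `sampleLock`; an empty result after upgrading rtlcss to ^3.0.0 indicates no affected copy remains in the tree.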