You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Do you want to request a feature, report a bug or ask a question?
Security issue.
What is the current behavior?
The package postcss versions before 7.0.36 or between 8.0.0 and 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern /\s sourceMappingURL=(.*).
svg-sprite-loader@6.0.11 requires postcss@^5.2.17 via svg-baker@1.7.0
Please tell us about your environment:
Node.js version: 16
webpack version: 4
svg-sprite-loader version: 6.0.11
OS type & version: macOS
The text was updated successfully, but these errors were encountered:
Shramkoweb
changed the title
Regular Expression Denial of Service in postcss
Regular Expression Denial of Service in postcss (6.0.11)
Jun 13, 2022
Do you want to request a feature, report a bug or ask a question?
Security issue.
What is the current behavior?
The package postcss versions before 7.0.36 or between 8.0.0 and 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern /\s sourceMappingURL=(.*).
svg-sprite-loader@6.0.11
requirespostcss@^5.2.17
viasvg-baker@1.7.0
Please tell us about your environment:
The text was updated successfully, but these errors were encountered: