Publish GHSA-566m-qj78-rww5

advisory-database[bot] · web-flow · commit df3034df6abf · 2022-02-23T20:31:18.000Z
diff --git a/advisories/github-reviewed/2022/01/GHSA-566m-qj78-rww5/GHSA-566m-qj78-rww5.json b/advisories/github-reviewed/2022/01/GHSA-566m-qj78-rww5/GHSA-566m-qj78-rww5.json
@@ -1,13 +1,13 @@
 {
   "schema_version": "1.2.0",
   "id": "GHSA-566m-qj78-rww5",
-  "modified": "2021-05-20T21:23:19Z",
+  "modified": "2022-02-23T20:31:15Z",
   "published": "2022-01-07T00:21:36Z",
   "aliases": [
     "CVE-2021-23382"
   ],
   "summary": "Regular Expression Denial of Service in postcss",
-  "details": "The package postcss before 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \\/\\*\\s* sourceMappingURL=(.*).",
+  "details": "The package postcss versions before 7.0.36 or between 8.0.0 and 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \\/\\*\\s* sourceMappingURL=(.*).",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -25,14 +25,33 @@
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "0"
+              "introduced": "8.0.0"
             },
             {
               "fixed": "8.2.13"
             }
           ]
         }
       ]
+    },
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "postcss"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "7.0.36"
+            }
+          ]
+        }
+      ]
     }
   ],
   "references": [
@@ -44,6 +63,10 @@
       "type": "WEB",
       "url": "https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/postcss/postcss/releases/tag/7.0.36"
+    },
     {
       "type": "WEB",
       "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1255641"
