2254559 – (CVE-2023-48631) CVE-2023-48631 css-tools: regular expression denial of service (ReDoS) when parsing CSS

Bug 2254559 (CVE-2023-48631) - CVE-2023-48631 css-tools: regular expression denial of service (ReDoS) when parsing CSS

Summary: CVE-2023-48631 css-tools: regular expression denial of service (ReDoS) when p...

Keywords:
Status:	NEW
Alias:	CVE-2023-48631
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2254570 2254720
Blocks:	2254569
TreeView+	depends on / blocked

Reported:	2023-12-14 14:31 UTC by TEJ RATHI
Modified:	2025-04-01 08:28 UTC (History)
CC List:	86 users (show)
Fixed In Version:	css-tools 4.3.2
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2024:3316	None	None	None	2024-05-23 06:39:58 UTC
Red Hat Product Errata	RHSA-2024:3919	None	None	None	2024-06-13 11:38:40 UTC
Red Hat Product Errata	RHSA-2024:3989	None	None	None	2024-06-20 00:35:54 UTC

Description TEJ RATHI 2023-12-14 14:31:56 UTC

@adobe/css-tools versions 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS.

https://github.com/adobe/css-tools/security/advisories/GHSA-prr3-c3m5-p7q2

Comment 12 errata-xmlrpc 2024-05-23 06:39:53 UTC

This issue has been addressed in the following products:

  MTA-7.0-RHEL-9
  MTA-7.0-RHEL-8

Via RHSA-2024:3316 https://access.redhat.com/errata/RHSA-2024:3316

Comment 13 errata-xmlrpc 2024-06-13 11:38:35 UTC

This issue has been addressed in the following products:

  Migration Toolkit for Runtimes 1 on RHEL 8

Via RHSA-2024:3919 https://access.redhat.com/errata/RHSA-2024:3919

Comment 14 errata-xmlrpc 2024-06-20 00:35:49 UTC

This issue has been addressed in the following products:

  MTA-6.2-RHEL-9
  MTA-6.2-RHEL-8

Via RHSA-2024:3989 https://access.redhat.com/errata/RHSA-2024:3989

Note You need to log in before you can comment on or make changes to this bug.

aarif
aazores
adamevin
adudiak
adupliak
amctagga
aprice
asoldano
bbaranow
bmaxwell
boliveir
brian.stansberry
caswilli
cdewolf
chazlett
darran.lofthouse
davidn
dfreiber
dkenigsb
dkreling
dosoudil
drichtar
drow
eaguilar
ebaron
epacific
fdeutsch
fjuma
ivassile
iweiss
jburrell
jcammara
jchui
jhardy
jkang
jkoehler
jneedle
jobarker
jpallich
jsherril
kaycoth
kshier
ktsao
lgao
mabashia
mnovotny
mosmerov
mpierce
msochure
mstefank
msvehla
mulliken
mwringe
nboldt
nwallace
oezr
oramraz
pajung
pdrozd
peholase
pjindal
pmackay
pskopek
rguimara
rjohnson
rowaters
rstancel
rtaniwa
saroy
sfroberg
simaishi
smaestri
smcdonal
smullick
stcannon
sthirugn
sthorger
teagle
tfister
tkral
tom.jenkinson
vkrizan
vkumar
vmugicag
yguenane
zsadeh