Bug 2383844 (CVE-2025-8263) - CVE-2025-8263 prettier: prettier parseNestedCSS ReDoS
Summary: CVE-2025-8263 prettier: prettier parseNestedCSS ReDoS
Keywords:
Status: NEW
Alias: CVE-2025-8263
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2384000 2384001 2384003 2384005 2384006 2384007 2384008 2384010 2384012 2384016 2384019 2384020 2384021 2384023 2384024 2384028 2384002 2384004 2384014 2384015 2384017 2384018 2384022 2384025 2384026 2384027 2384029
Blocks:
Reported: 2025-07-28 08:01 UTC by OSIDB Bzimport
Modified: 2025-11-03 06:53 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2025-07-28 08:01:44 UTC
A vulnerability was found in prettier up to 3.6.2. It has been declared as problematic. Affected by this vulnerability is the function parseNestedCSS of the file src/language-css/parser-postcss.js. The manipulation of the argument node leads to inefficient regular expression complexity. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

