CVE-2023-26364 - OpenCVE

@adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a minor denial of service while attempting to parse CSS. Exploitation of this issue does not require user interaction or privileges.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Adobe	Css-tools

Configuration 1 [-]

cpe:2.3:a:adobe:css-tools:*:*:*:*:*:node.js:*:*

References

Link	Resource
https://github.com/adobe/css-tools/security/advisories/GHSA-hpx4-r86g-5jrg	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: adobe

Published: 2023-11-17T13:38:41.278Z

Updated: 2023-11-17T13:38:41.278Z

Reserved: 2023-02-22T19:47:52.379Z

Link: CVE-2023-26364

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-11-17T14:15:21.083

Modified: 2023-11-24T19:28:52.777

Link: CVE-2023-26364

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-26364", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "state": "PUBLISHED", "assignerShortName": "adobe", "dateReserved": "2023-02-22T19:47:52.379Z", "datePublished": "2023-11-17T13:38:41.278Z", "dateUpdated": "2023-11-17T13:38:41.278Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Not a product", "vendor": "Adobe", "versions": [{"lessThanOrEqual": "4.3.0", "status": "affected", "version": "0", "versionType": "semver"}]}], "datePublic": "2023-08-29T17:00:00.000Z", "descriptions": [{"lang": "en", "value": "@adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a minor denial of service while attempting to parse CSS. Exploitation of this issue does not require user interaction or privileges."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.3, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "LOW", "modifiedConfidentialityImpact": "NONE", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "NONE", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 5.3, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "Improper Input Validation (CWE-20)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2023-11-17T13:38:41.278Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://github.com/adobe/css-tools/security/advisories/GHSA-hpx4-r86g-5jrg"}], "source": {"discovery": "EXTERNAL"}, "title": "Denial of Service of regular expression in package @adobe/css-tools"}}}