CVE-2023-48631 - OpenCVE

@adobe/css-tools versions 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Adobe	Css-tools

Configuration 1 [-]

cpe:2.3:a:adobe:css-tools:*:*:*:*:*:node.js:*:*

References

Link	Resource
https://github.com/adobe/css-tools/security/advisories/GHSA-prr3-c3m5-p7q2	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: adobe

Published: 2023-12-14T13:09:22.993Z

Updated: 2023-12-14T13:09:22.993Z

Reserved: 2023-11-16T23:29:25.406Z

Link: CVE-2023-48631

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-12-14T13:15:54.250

Modified: 2023-12-18T20:14:50.077

Link: CVE-2023-48631

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-48631", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "state": "PUBLISHED", "assignerShortName": "adobe", "dateReserved": "2023-11-16T23:29:25.406Z", "datePublished": "2023-12-14T13:09:22.993Z", "dateUpdated": "2023-12-14T13:09:22.993Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Not a product", "vendor": "Adobe", "versions": [{"lessThanOrEqual": "4.3.1", "status": "affected", "version": "0", "versionType": "semver"}]}], "datePublic": "2023-12-12T17:00:00.000Z", "descriptions": [{"lang": "en", "value": "@adobe/css-tools versions 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.3, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "LOW", "modifiedConfidentialityImpact": "NONE", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "NONE", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 5.3, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "Improper Input Validation (CWE-20)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2023-12-14T13:09:22.993Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://github.com/adobe/css-tools/security/advisories/GHSA-prr3-c3m5-p7q2"}], "source": {"discovery": "EXTERNAL"}, "title": "Denial of Service of regular expression in package @adobe/css-tools"}}}