CVE-2023-26364 MEDIUM

CVE-2023-26364: Denial of Service of regular expression in package @adobe/css-tools

Vendor Adobe
Product Not a product
Weakness CWE-20 · Input validation
Published November 17, 2023
Last update August 29, 2024

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

@adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a minor denial of service while attempting to parse CSS. Exploitation of this issue does not require user interaction or privileges.

Key dates

02Disclosure timeline

November 17, 2023 CVE published
August 29, 2024 Record updated