Vulnerabilites related to adobe - css-tools
Vulnerability from fkie_nvd
Published
2023-11-17 14:15
Modified
2024-11-21 07:51
Severity ?
Summary
@adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a minor denial of service while attempting to parse CSS. Exploitation of this issue does not require user interaction or privileges.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:adobe:css-tools:*:*:*:*:*:node.js:*:*", matchCriteriaId: "F9094691-0347-4E4A-9781-7204190B42C2", versionEndExcluding: "4.3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "@adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a minor denial of service while attempting to parse CSS. Exploitation of this issue does not require user interaction or privileges.", }, { lang: "es", value: "@adobe/css-tools versión 4.3.0 y anteriores se ven afectados por una vulnerabilidad de validación de entrada incorrecta que podría provocar una denegación menor de servicio al intentar analizar CSS. La explotación de este problema no requiere interacción ni privilegios del usuario.", }, ], id: "CVE-2023-26364", lastModified: "2024-11-21T07:51:12.257", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "psirt@adobe.com", type: "Primary", }, ], }, published: "2023-11-17T14:15:21.083", references: [ { source: "psirt@adobe.com", tags: [ "Vendor Advisory", ], url: "https://github.com/adobe/css-tools/security/advisories/GHSA-hpx4-r86g-5jrg", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/adobe/css-tools/security/advisories/GHSA-hpx4-r86g-5jrg", }, ], sourceIdentifier: "psirt@adobe.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "psirt@adobe.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-12-14 13:15
Modified
2024-11-21 08:32
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
@adobe/css-tools versions 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:adobe:css-tools:*:*:*:*:*:node.js:*:*", matchCriteriaId: "1C4CDB91-B31E-4570-A6D8-0D5A19DFD877", versionEndExcluding: "4.3.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "@adobe/css-tools versions 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS.", }, { lang: "es", value: "Las versiones 4.3.1 y anteriores de @adobe/css-tools se ven afectadas por una vulnerabilidad de validación de entrada incorrecta que podría provocar una denegación de servicio al intentar analizar CSS.", }, ], id: "CVE-2023-48631", lastModified: "2024-11-21T08:32:08.637", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "psirt@adobe.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-14T13:15:54.250", references: [ { source: "psirt@adobe.com", tags: [ "Vendor Advisory", ], url: "https://github.com/adobe/css-tools/security/advisories/GHSA-prr3-c3m5-p7q2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/adobe/css-tools/security/advisories/GHSA-prr3-c3m5-p7q2", }, ], sourceIdentifier: "psirt@adobe.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "psirt@adobe.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-1333", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2023-26364
Vulnerability from cvelistv5
Published
2023-11-17 13:38
Modified
2024-08-29 14:12
Severity ?
EPSS score ?
Summary
@adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a minor denial of service while attempting to parse CSS. Exploitation of this issue does not require user interaction or privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/adobe/css-tools/security/advisories/GHSA-hpx4-r86g-5jrg | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Not a product |
Version: 0 ≤ 4.3.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T11:46:24.568Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://github.com/adobe/css-tools/security/advisories/GHSA-hpx4-r86g-5jrg", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-26364", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-29T14:10:03.698524Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-29T14:12:36.686Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "affected", product: "Not a product", vendor: "Adobe", versions: [ { lessThanOrEqual: "4.3.0", status: "affected", version: "0", versionType: "semver", }, ], }, ], datePublic: "2023-08-29T17:00:00.000Z", descriptions: [ { lang: "en", value: "@adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a minor denial of service while attempting to parse CSS. Exploitation of this issue does not require user interaction or privileges.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", confidentialityRequirement: "NOT_DEFINED", environmentalScore: 5.3, environmentalSeverity: "MEDIUM", exploitCodeMaturity: "NOT_DEFINED", integrityImpact: "NONE", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "LOW", modifiedAttackVector: "NETWORK", modifiedAvailabilityImpact: "LOW", modifiedConfidentialityImpact: "NONE", modifiedIntegrityImpact: "NONE", modifiedPrivilegesRequired: "NONE", modifiedScope: "NOT_DEFINED", modifiedUserInteraction: "NONE", privilegesRequired: "NONE", remediationLevel: "NOT_DEFINED", reportConfidence: "NOT_DEFINED", scope: "UNCHANGED", temporalScore: 5.3, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "Improper Input Validation (CWE-20)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-17T13:38:41.278Z", orgId: "078d4453-3bcd-4900-85e6-15281da43538", shortName: "adobe", }, references: [ { tags: [ "vendor-advisory", ], url: "https://github.com/adobe/css-tools/security/advisories/GHSA-hpx4-r86g-5jrg", }, ], source: { discovery: "EXTERNAL", }, title: "Denial of Service of regular expression in package @adobe/css-tools", }, }, cveMetadata: { assignerOrgId: "078d4453-3bcd-4900-85e6-15281da43538", assignerShortName: "adobe", cveId: "CVE-2023-26364", datePublished: "2023-11-17T13:38:41.278Z", dateReserved: "2023-02-22T19:47:52.379Z", dateUpdated: "2024-08-29T14:12:36.686Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-48631
Vulnerability from cvelistv5
Published
2023-12-14 13:09
Modified
2024-08-02 21:37
Severity ?
EPSS score ?
Summary
@adobe/css-tools versions 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/adobe/css-tools/security/advisories/GHSA-prr3-c3m5-p7q2 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Not a product |
Version: 0 ≤ 4.3.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T21:37:53.427Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://github.com/adobe/css-tools/security/advisories/GHSA-prr3-c3m5-p7q2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "affected", product: "Not a product", vendor: "Adobe", versions: [ { lessThanOrEqual: "4.3.1", status: "affected", version: "0", versionType: "semver", }, ], }, ], datePublic: "2023-12-12T17:00:00.000Z", descriptions: [ { lang: "en", value: "@adobe/css-tools versions 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", confidentialityRequirement: "NOT_DEFINED", environmentalScore: 5.3, environmentalSeverity: "MEDIUM", exploitCodeMaturity: "NOT_DEFINED", integrityImpact: "NONE", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "LOW", modifiedAttackVector: "NETWORK", modifiedAvailabilityImpact: "LOW", modifiedConfidentialityImpact: "NONE", modifiedIntegrityImpact: "NONE", modifiedPrivilegesRequired: "NONE", modifiedScope: "NOT_DEFINED", modifiedUserInteraction: "NONE", privilegesRequired: "NONE", remediationLevel: "NOT_DEFINED", reportConfidence: "NOT_DEFINED", scope: "UNCHANGED", temporalScore: 5.3, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "Improper Input Validation (CWE-20)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-14T13:09:22.993Z", orgId: "078d4453-3bcd-4900-85e6-15281da43538", shortName: "adobe", }, references: [ { tags: [ "vendor-advisory", ], url: "https://github.com/adobe/css-tools/security/advisories/GHSA-prr3-c3m5-p7q2", }, ], source: { discovery: "EXTERNAL", }, title: "Denial of Service of regular expression in package @adobe/css-tools", }, }, cveMetadata: { assignerOrgId: "078d4453-3bcd-4900-85e6-15281da43538", assignerShortName: "adobe", cveId: "CVE-2023-48631", datePublished: "2023-12-14T13:09:22.993Z", dateReserved: "2023-11-16T23:29:25.406Z", dateUpdated: "2024-08-02T21:37:53.427Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }