Improper Input Validation in @adobe/css-tools

CVE-2023-26364

@adobe/css-tools

Medium

5.3/10

Summary

The package @adobe/css-tools in versions prior to 4.3.1 are affected by an Improper Input Validation vulnerability that could result in a minor denial of service while attempting to parse CSS. Exploitation of this issue does not require user interaction or privileges.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: LOW

CWE-20 - Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

Advisory
Pull request
Release Note

Advisory Timeline

Published Nov 17, 2023

Improper Input Validation in @adobe/css-tools

CVE-2023-26364

Summary

CWE-20 - Improper Input Validation

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS