SCAContinuous visibility into open-source risk

Container SecurityEnd-to-end container defense across the SDLC

SASTStatic application security testing for source code

Vulnerability DatabaseCVEs with metrics and fixes

Explore All Products →

About UsThe People Behind The Promise

Operations TheaterAdaptive Use Cases for the Frontline

CareersJoin Moole: Security that hears the future

Contact UsWrite us and we promise to get back to you

Moole Experience CenterNavigate, Learn, & Execute the Security Stack

Trust CenterBuilt on transparency. Backed by documentation.

The Signal: The Moole BlogFiltering the Noise of the Cyber Underground

Moole Field Notes: Case StudiesLessons from the Digital Frontline

The Runbook: Tutorials & ManualsSOP for the Digital Frontier

The BriefingFAQs & Support Logs

NewsroomNotes from the Front Line

The Zero Day DictionaryTerms & Definitions

The SwitchboardIntegrations Across the Security Stack

The TerrainSecuring Every Environment

CVE-2021-23368

Security Operations for
Modern Software

MOOLE

Our goal is simple yet ambitious: to deliver an experience where world-class security feels effortless, empowering, and deeply human.

Products

SCA
Container Security
SAST
Vulnerability Database

Resources

The Signal
Moole Field Notes
The Moole Runbook
FAQs
Newsroom
The Zero Day Dictionary

Company

About Us
Use Cases
Careers
Contact Us
Moole Experience Center
Trust Center
Pricing

Connect

© 2026 MOOLE, Inc. All rights reserved.

Moole Vulnerability Database

Find real vulnerabilities before they ship

Vulnerability Database › npm › CVE-2021-23368

Medium

CVE-2021-23368

The package postcss from 7.0.0 and before 8.2.10 are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.

VectorNETWORK

PublishedApr 12, 2021, 14:15

Published Byreport@snyk.io

Base Score

Score5.3

Affected Versions

Package (Ecosystem)IntroducedFixedLimit

postcss(npm)7.0.07.0.36N/A

postcss(npm)8.0.08.2.10N/A

References

https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4
https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5
https://lists.apache.org/thread.html/r00158f5d770d75d0655c5eef1bdbc6150531606c8f8bcb778f0627be%40%3Cdev.myfaces.apache.org%3E
https://lists.apache.org/thread.html/r16e295b4f02d81b79981237d602cb0b9e59709bafaa73ac98be7cef1%40%3Cdev.myfaces.apache.org%3E
https://lists.apache.org/thread.html/r49afb49b38748897211b1f89c3a64dc27f9049474322b05715695aab%40%3Cdev.myfaces.apache.org%3E
https://lists.apache.org/thread.html/r5acd89f3827ad9a9cad6d24ed93e377f7114867cd98cfba616c6e013%40%3Ccommits.myfaces.apache.org%3E
https://lists.apache.org/thread.html/r8def971a66cf3e375178fbee752e1b04a812a047cc478ad292007e33%40%3Cdev.myfaces.apache.org%3E
https://lists.apache.org/thread.html/rad5af2044afb51668b1008b389ac815a28ecea9eb75ae2cab5a00ebb%40%3Ccommits.myfaces.apache.org%3E
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1244795
https://snyk.io/vuln/SNYK-JS-POSTCSS-1090595

Weakness Type

NVD-CWE-noinfo

CVSS Metrics

Base Score

5.3

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Base SeverityMedium

Version

3.1

Attack Vector (AV)

NETWORK