CVE-2023-26364

{"id": "CVE-2023-26364", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "psirt@adobe.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2023-11-17T14:15:21.083", "references": [{"url": "https://github.com/adobe/css-tools/security/advisories/GHSA-hpx4-r86g-5jrg", "tags": ["Vendor Advisory"], "source": "psirt@adobe.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "psirt@adobe.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "@adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a minor denial of service while attempting to parse CSS. Exploitation of this issue does not require user interaction or privileges."}, {"lang": "es", "value": "@adobe/css-tools versi\u00f3n 4.3.0 y anteriores se ven afectados por una vulnerabilidad de validaci\u00f3n de entrada incorrecta que podr\u00eda provocar una denegaci\u00f3n menor de servicio al intentar analizar CSS. La explotaci\u00f3n de este problema no requiere interacci\u00f3n ni privilegios del usuario."}], "lastModified": "2023-11-24T19:28:52.777", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:css-tools:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "F9094691-0347-4E4A-9781-7204190B42C2", "versionEndExcluding": "4.3.1"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@adobe.com"}