| शीर्षक | postcss-selector-parser postcss <= 7.1.1 CWE-674: Uncontrolled Recursion |
|---|
| विवरण | `postcss-selector-parser` contains a second, independent stack overflow vulnerability in its AST serialization path. The `toString()` method on `Container` and `Pseudo` nodes recurse into each other without any depth limit. An attacker can trigger this by either:
1. Supplying a deeply nested CSS selector string that the parser successfully parses (depth < parser crash threshold), then causing `toString()` to be called on the resulting AST.
2. Constructing a deep AST programmatically via the public API and calling `toString()` directly.
The `toString()` crash threshold (~887 levels) is **independent of and lower than** the parser crash threshold for some pseudo-classes, meaning inputs exist that parse successfully but crash on serialization. The `processor.js` layer calls `root.toString()` internally on every `processSync()` / `process()` call when `updateSelector` is set, making this reachable through normal library usage. |
|---|
| स्रोत | ⚠️ https://gist.github.com/bx33661/581e3a38134601c04e19b4dfc9b459b9 |
|---|
| उपयोगकर्ता | bx33661 (UID 87537) |
|---|
| सबमिशन | 25/04/2026 05:11 PM (1 महीना पहले) |
|---|
| संयम | 23/05/2026 11:49 AM (28 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 365321 [postcss तक 7.1.1 AST Serialization container.js toString सेवा अस्वीकार] |
|---|
| अंक | 20 |
|---|