Node.js postcss module is vulnerable to a denial of service, caused by a regular expression denial of Service (ReDoS) flaw in the getAnnotationURL() and loadAnnotation() functions in lib/previous-map.js. By sending specially-crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service condition.
Denial of Service
Node.js postcss 8.2.12
Upgrade to the latest version of postcss (8.2.13 or later), available from the postcss GIT Repository.