CVE-2023-48631: 
JavaScript vulnerability analysis and mitigation

The CVE-2023-48631 affects @adobe/css-tools versions 4.3.1 and earlier, involving an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS. The vulnerability was disclosed on December 14, 2023, and has been classified as a Regular Expression Denial of Service (ReDoS) issue (Adobe Advisory).

The vulnerability is characterized by inefficient regular expression complexity (CWE-1333) and improper input validation (CWE-20). The CVSS v3.1 base score varies between assessments, with NVD rating it as 7.5 HIGH (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) while Adobe Systems rates it as 5.3 MEDIUM (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) (NVD).

The vulnerability can lead to a denial of service condition when attempting to parse CSS. The impact primarily affects the availability of the service, with no direct impact on confidentiality or integrity of the system (NVD, Adobe Advisory).

The vulnerability has been patched in version 4.3.2 of @adobe/css-tools. Users are advised to upgrade to this version or later to mitigate the vulnerability. No alternative workarounds have been provided (Adobe Advisory).