CVE-2023-44270
Summary
| CVE | CVE-2023-44270 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-09-29 22:15:00 UTC |
| Updated | 2023-10-10 17:19:00 UTC |
| Description | An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contain parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being included in a comment. |
Risk And Classification
Problem Types: CWE-74
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Fix carrier return parsing · postcss/postcss@58cc860 · GitHub | MISC | github.com | |
| GHSA-7fh5-64p2-3v2j contains no security impact · Issue #2820 · github/advisory-database · GitHub | MISC | github.com | |
| Release 8.4.31 · postcss/postcss · GitHub | MISC | github.com | |
| postcss/tokenize.js at main · postcss/postcss · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 995507 NodeJs (Npm) Security Update for postcss (GHSA-7fh5-64p2-3v2j)