Description
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.
This vulnerability affects linters using PostCSS to parse external untrusted CSS.
Recommendation
Update the postcss package to the latest compatible version. Followings are version details:
- Affected version(s): < 8.4.31
- Patched version(s): 8.4.31
References
Related Issues
- @fastify/reply-from JSON Content-Type parsing confusion - CVE-2023-51701
- angular-server-side-configuration information disclosure vulnerability in monorepo with node.js backend - CVE-2023-28444
- Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin - CVE-2023-22621
- appium-desktop OS Command Injection vulnerability - CVE-2023-2479
You might also like:
- Tags:
- npm
- postcss
Anything's wrong? Let us know Last updated on November 04, 2025


