Description
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.
This vulnerability affects linters using PostCSS to parse external untrusted CSS.
Recommendation
Update the postcss package to the latest compatible version. Followings are version details:
- Affected version(s): < 8.4.31
- Patched version(s): 8.4.31
References
Related Issues
- Firebase vulnerable to CRSF attack - CVE-2024-4128
- Cube API denial of service attack - CVE-2023-50709
- Prototype Pollution in protobufjs - CVE-2022-25878
- Cross-Site Scripting in highcharts - Vulnerability
- Tags:
- npm
- postcss
Anything's wrong? Let us know Last updated on November 05, 2023