744 matches found
GHSA-7FH5-64P2-3V2J PostCSS line return parsing error
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets CSS. There may be \r discrepancies, as demonstrated by @font-face font:\r/; in a rule. This vulnerability affects linters using PostCSS to parse external untrusted CSS. An...
CVE-2023-44270
An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the...
CVE-2023-44270
An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the...
DEBIAN-CVE-2023-44270
An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the...
CVE-2023-44270
An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the...
Code injection
An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the...
UBUNTU-CVE-2023-44270
An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the...
CVE-2023-44270
An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the...
PostCSS Injection Vulnerability
Andrey Sitnik postcss is an application by the individual developer Andrey Sitnik in Spain. A tool for converting styles using JS plugins. An injection vulnerability exists in versions of PostCSS prior to 8.4.31. No information about this vulnerability is available at this time, please stay tuned...
CVE-2023-44270
An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the...
CVE-2023-44270
An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the...
CVE-2023-44270
CVE-2023-44270 : PostCSS before 8.4.31 has a vulnerability where CSS that is parsed from external untrusted CSS can cause parts of the CSS to be treated as comments and then end up in the PostCSS output as valid CSS nodes (rules/properties). This can occur when linters rely on PostCSS for parsing...
PT-2023-7567
Name of the Vulnerable Software and Affected Versions PostCSS versions prior to 8.4.31 Description The issue affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contain parts parsed by PostCSS as a CSS comment. After processing by...
Malicious Package
Overview postcss-file-match is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...
Malicious code in postcss-file-match (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 416239cd07c736ee9cda1661d413016b66a35ccd99054f13c8fb5b81fefa02dd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-690 Malicious code in postcss-file-match (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 416239cd07c736ee9cda1661d413016b66a35ccd99054f13c8fb5b81fefa02dd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview postcss-toc is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
MAL-2022-5423 Malicious code in postcss-fleexbugs-fixs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9e1b9d652e96c357326a2bbdd94a69349443c42ed9a6d7115745a02db3e3cb47 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in postcss-fleexbugs-fixs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9e1b9d652e96c357326a2bbdd94a69349443c42ed9a6d7115745a02db3e3cb47 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in postcss-lazy-rules (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3af0b17a0cca4f52c02b138fec9e69ba2c506346ef1a6b57cbf893a03b7b5c46 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...