5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
20.6%
postcss is vulnerable to Improper Input Validation. The vulnerability is due to the RE_BAD_BRACKET
in tokenize.js
which does not account for carriage returns (\r). This means that any CSS containing a carriage return character \r
would not be matched by this regular expression, potentially allowing malicious CSS to bypass any security or validation check that relies on this regular expression check. This can leads to potential CSS injection vulnerabilities.