CVE-2023-44270
29.09.2023, 22:15
An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being included in a comment.
Vendor | Product | Version |
---|---|---|
postcss | postcss | 𝑥 < 8.4.31 |
𝑥
= Vulnerable software versions

Debian Releases

Ubuntu Releases
References