cve/CVE-2023-44270.md at 4cdc7cc63082b60e36d1d9d956509a405762a272

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

marc 555e9c7de4 Update Sat May 25 21:48:12 CEST 2024

2024-05-25 21:48:12 +02:00

Description

An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being included in a comment.

POC

Reference

No PoCs from references.

Github

https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/seal-community/patches
https://github.com/xavierloeraflores/github-url-converter

941 B Raw Blame History

CVE-2023-44270

Description

POC

Reference

Github

941 B

Raw Blame History