NodeJS/postcss/8.4.15

Tool for transforming styles with JS plugins

https://www.npmjs.com/package/postcss
MIT

1 Security Vulnerabilities

PostCSS line return parsing error

Published date: 2023-09-30T00:31:10Z
CVE: CVE-2023-44270
Links:

An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.

This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being originally included in a comment.

Affected versions: ["0.2.0", "0.3.1", "0.3.3", "0.3.4", "2.0.0", "2.1.1", "2.2.3", "2.2.5", "3.0.2", "3.0.6", "4.0.0", "4.0.1", "4.0.2", "4.0.3", "4.0.6", "4.1.0", "4.1.1", "4.1.2", "4.1.5", "4.1.6", "4.1.7", "4.1.12", "4.1.14", "4.1.15", "4.1.16", "5.0.0", "5.0.1", "5.0.2", "5.0.5", "5.0.6", "5.0.9", "5.0.10", "5.0.11", "5.0.14", "5.0.15", "5.0.16", "5.0.17", "5.0.19", "5.1.0", "5.1.1", "5.1.2", "5.2.0", "5.2.2", "5.2.4", "5.2.5", "5.2.6", "5.2.8", "5.2.9", "5.2.10", "5.2.14", "5.2.15", "5.2.17", "6.0.0", "6.0.2", "6.0.6", "6.0.8", "6.0.10", "5.2.18", "6.0.13", "6.0.15", "6.0.16", "6.0.19", "6.0.21", "0.1.0", "0.3.0", "0.3.2", "0.3.5", "1.0.0", "2.1.0", "2.1.2", "2.2.0", "2.2.1", "2.2.2", "2.2.4", "2.2.6", "3.0.0", "3.0.1", "3.0.3", "3.0.4", "3.0.5", "3.0.7", "4.0.4", "4.0.5", "4.1.3", "4.1.4", "4.1.8", "4.1.9", "4.1.10", "4.1.11", "4.1.13", "5.0.3", "5.0.4", "5.0.7", "5.0.8", "5.0.12", "5.0.13", "5.0.18", "5.0.20", "5.0.21", "5.2.1", "5.2.3", "5.2.7", "5.2.11", "5.2.12", "5.2.13", "5.2.16", "6.0.1", "6.0.3", "6.0.4", "6.0.5", "6.0.7", "6.0.9", "6.0.11", "6.0.12", "6.0.14", "6.0.17", "6.0.18", "6.0.20", "7.0.3", "7.0.7", "7.0.9", "7.0.10", "7.0.11", "7.0.12", "7.0.13", "7.0.15", "7.0.16", "7.0.20", "7.0.22", "7.0.23", "7.0.24", "7.0.25", "7.0.26", "7.0.28", "7.0.29", "7.0.31", "8.0.0", "8.0.6", "8.0.7", "8.0.9", "8.1.0", "6.0.22", "6.0.23", "7.0.0", "7.0.1", "7.0.2", "7.0.4", "7.0.5", "7.0.6", "7.0.8", "7.0.14", "7.0.17", "7.0.18", "7.0.19", "7.0.21", "7.0.27", "7.0.30", "7.0.32", "8.0.1", "8.0.2", "8.0.3", "7.0.33", "8.0.4", "7.0.34", "8.0.5", "8.0.8", "7.0.35", "8.1.1", "8.1.2", "8.1.3", "8.1.4", "8.1.5", "8.1.6", "8.1.7", "8.1.8", "8.1.9", "8.1.10", "8.1.13", "8.1.11", "8.1.12", "8.1.14", "8.2.0", "8.2.1", "8.2.2", "8.2.3", "8.2.4", "8.2.5", "8.2.6", "8.2.7", "8.2.8", "8.2.9", "8.2.10", "8.2.11", "8.2.12", "8.2.13", "8.2.14", "8.2.15", "8.3.0", "8.3.1", "8.3.2", "7.0.36", "8.3.3", "8.3.4", "8.3.5", "8.3.6", "8.3.7", "7.0.37", "8.3.8", "7.0.38", "7.0.39", "8.3.9", "8.3.10", "8.3.11", "8.4.1", "8.4.0", "8.4.3", "8.4.4", "8.4.2", "8.4.5", "8.4.6", "8.4.7", "8.4.8", "8.4.9", "8.4.10", "8.4.11", "8.4.12", "8.4.13", "8.4.14", "8.4.15", "8.4.16", "8.4.17", "8.4.18", "8.4.19", "8.4.20", "8.4.21", "8.4.22", "8.4.23", "8.4.24", "8.4.25", "8.4.26", "8.4.27", "8.4.28", "8.4.29", "8.4.30"]
Secure versions: [8.4.31, 8.4.32, 8.4.33, 8.4.34, 8.4.35, 8.4.36, 8.4.37, 8.4.38, 8.4.39, 8.4.40, 8.4.41, 8.4.42, 8.4.43, 8.4.44, 8.4.45, 8.4.46, 8.4.47, 8.4.48, 8.4.49, 8.5.0, 8.5.1, 8.5.2, 8.5.3, 8.5.4, 8.5.5, 8.5.6]
Recommendation: Update to version 8.5.6.

270 Other Versions

Version License Security Released
6.0.23 MIT 2 2018-06-21 - 18:43 about 7 years
6.0.22 MIT 2 2018-04-28 - 05:21 about 7 years
6.0.21 MIT 2 2018-03-22 - 18:39 over 7 years
6.0.20 MIT 2 2018-03-17 - 01:57 over 7 years
6.0.19 MIT 2 2018-02-17 - 22:32 over 7 years
6.0.18 MIT 2 2018-02-15 - 11:48 over 7 years
6.0.17 MIT 2 2018-02-01 - 19:56 over 7 years
6.0.16 MIT 2 2018-01-06 - 02:44 over 7 years
6.0.15 MIT 2 2018-01-02 - 01:19 over 7 years
6.0.14 MIT 2 2017-11-02 - 13:51 over 7 years
6.0.13 MIT 2 2017-10-04 - 14:09 over 7 years
6.0.12 MIT 2 2017-09-25 - 07:22 almost 8 years
6.0.11 MIT 2 2017-09-06 - 06:00 almost 8 years
6.0.10 MIT 2 2017-08-27 - 10:00 almost 8 years
6.0.9 MIT 2 2017-08-11 - 20:57 almost 8 years
6.0.8 MIT 2 2017-07-19 - 16:01 almost 8 years
6.0.7 MIT 2 2017-07-17 - 15:16 almost 8 years
6.0.6 MIT 2 2017-07-05 - 16:33 almost 8 years
6.0.5 MIT 2 2017-07-03 - 11:18 almost 8 years
6.0.4 MIT 2 2017-06-30 - 11:39 about 8 years
6.0.3 MIT 2 2017-06-23 - 19:17 about 8 years
6.0.2 MIT 2 2017-06-12 - 18:47 about 8 years
6.0.1 MIT 2 2017-05-07 - 11:37 about 8 years
6.0.0 MIT 2 2017-05-06 - 11:44 about 8 years
5.2.18 MIT 2 2017-10-04 - 13:48 over 7 years
5.2.17 MIT 2 2017-04-13 - 22:57 about 8 years
5.2.16 MIT 2 2017-03-07 - 15:51 over 8 years
5.2.15 MIT 2 2017-02-22 - 12:00 over 8 years
5.2.14 MIT 2 2017-02-17 - 09:03 over 8 years
5.2.13 MIT 2 2017-02-14 - 11:19 over 8 years
5.2.12 MIT 2 2017-02-05 - 21:32 over 8 years
5.2.11 MIT 2 2017-01-20 - 08:48 over 8 years
5.2.10 MIT 2 2017-01-12 - 07:51 over 8 years
5.2.9 MIT 2 2017-01-09 - 07:15 over 8 years
5.2.8 MIT 2 2016-12-26 - 08:08 over 8 years
5.2.7 MIT 2 2016-12-24 - 08:46 over 8 years
5.2.6 MIT 2 2016-11-22 - 12:55 over 8 years
5.2.5 MIT 2 2016-10-20 - 12:26 over 8 years
5.2.4 MIT 2 2016-09-30 - 05:20 almost 9 years
5.2.3 MIT 2 2016-09-29 - 09:50 almost 9 years
5.2.2 MIT 2 2016-09-26 - 12:58 almost 9 years
5.2.1 MIT 2 2016-09-26 - 12:11 almost 9 years
5.2.0 MIT 2 2016-09-07 - 04:29 almost 9 years
5.1.2 MIT 2 2016-08-06 - 18:02 almost 9 years
5.1.1 MIT 2 2016-07-26 - 09:03 almost 9 years
5.1.0 MIT 2 2016-07-12 - 16:39 almost 9 years
5.0.21 MIT 2 2016-05-02 - 16:12 about 9 years
5.0.20 MIT 2 2016-05-01 - 06:09 about 9 years
5.0.19 MIT 2 2016-03-02 - 18:51 over 9 years
5.0.18 MIT 2 2016-02-29 - 08:33 over 9 years