CVE-2023-44270

Date: September 28, 2023

An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters that use PostCSS to parse external, untrusted CSS. An attacker can craft CSS so that it contains parts that PostCSS parses as a CSS comment. After processing by PostCSS, those parts are included in the PostCSS output in CSS nodes (rules, properties) despite having been inside a comment.

Language: JS

Severity Score

Weakness Type (CWE)

CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-144: Improper Neutralization of Line Delimiters

Top Fix

Upgrade Version


CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): LOW
Availability (A): NONE
