- EPSS 0.33%
- Veröffentlicht 24.05.2026 05:30:09
- Zuletzt bearbeitet 15.06.2026 08:16:22
A vulnerability was determined in postcss-selector-parser up to 6.1.2/7.1.2. Affected is the function toString of the file src/selectors/container.js of the component AST Serialization. Executing a manipulation can lead to uncontrolled recursion. It ...
CVE-2026-41305
- EPSS 0.21%
- Veröffentlicht 24.04.2026 02:27:47
- Zuletzt bearbeitet 24.04.2026 17:16:21
PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape `</style>` sequences when stringifying CSS ASTs. When user-submitted CSS is pa...
CVE-2023-44270
- EPSS 0.82%
- Veröffentlicht 29.09.2023 22:15:11
- Zuletzt bearbeitet 03.11.2025 22:16:27
An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After process...
CVE-2021-23382
- EPSS 2.51%
- Veröffentlicht 26.04.2021 16:15:07
- Zuletzt bearbeitet 21.11.2024 05:51:36
The package postcss before 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \/\*\s* sourceMappingURL=...
CVE-2021-23368
- EPSS 3.54%
- Veröffentlicht 12.04.2021 14:15:14
- Zuletzt bearbeitet 21.11.2024 05:51:35
The package postcss from 7.0.0 and before 8.2.10 are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.