UBUNTU-CVE-2023-44270

Advisory lineage Upstream: 1 Downstream: 0
Upstream
CVE-2023-44270
Published: 29 Sept 2023, 22:15
Last modified:20 May 2026, 16:13

Vulnerability Summary

Overall Risk (default)
low
21/100
CVSS Score
5.3 MEDIUM
3.1 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

29 Sept 2023, 22:15
Published
Vulnerability first disclosed
20 May 2026, 16:13
Last Modified
Vulnerability information updated

Description

An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being included in a comment.

CVSS Metrics

  • v3.1MEDIUMScore: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Systems

  • ubuntunode-postcss

    all | all | all | all | all

References (5)