See on npm

postcss 7.0.27

2 security vulnerabilities found in version 7.0.27

PostCSS line return parsing error

medium severity CVE-2023-44270
medium severity CVE-2023-44270
Affected versions: < 8.4.31

An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.

This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being originally included in a comment.

Regular Expression Denial of Service in postcss

medium severity CVE-2021-23368
medium severity CVE-2021-23368
Affected versions: >= 7.0.0, < 7.0.36

The npm package postcss from 7.0.0 and before versions 7.0.36 and 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.

Author did not declare license for this package in the source code.

This package version has a MIT license in the source code, however it was not declared in the source code.

This package version is available.

This package version has not been yanked and is still available for usage.