postcss@5.0.18 vulnerabilities
Tool for transforming styles with JS plugins
-
latest version
8.4.49
-
latest non vulnerable version
-
first published
11 years ago
-
latest version published
5 days ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the postcss package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
postcss is a PostCSS is a tool for transforming styles with JS plugins. Affected versions of this package are vulnerable to Improper Input Validation when parsing external Cascading Style Sheets (CSS) with linters using PostCSS. An attacker can cause discrepancies by injecting malicious CSS rules, such as How to fix Improper Input Validation? Upgrade |
<8.4.31
|
postcss is a PostCSS is a tool for transforming styles with JS plugins. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via PoC
How to fix Regular Expression Denial of Service (ReDoS)? Upgrade |
>=8.0.0 <8.2.13
<7.0.36
|