search

fdm-monster / fdm-monster-client

FDM Monster's client bundle
GNU Affero General Public License v3.0
3 stars 6 forks source link

CVE-2023-44270 (Medium) detected in postcss-8.4.30.tgz - autoclosed #600

Closed mend-bolt-for-github[bot] closed 1 year ago

mend-bolt-for-github[bot] commented 1 year ago

CVE-2023-44270 - Medium Severity Vulnerability

Vulnerable Library - postcss-8.4.30.tgz

Library home page: https://registry.npmjs.org/postcss/-/postcss-8.4.30.tgz

Dependency Hierarchy: - vue-2.7.14.tgz (Root Library) - compiler-sfc-2.7.14.tgz - :x: **postcss-8.4.30.tgz** (Vulnerable Library)

Found in HEAD commit: 7957c8456ad0b6221c9bb377d3f84d85c0a2bfc6

Found in base branch: main

Vulnerability Details

An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.

Publish Date: 2023-09-29

URL: CVE-2023-44270

CVSS 3 Score Details (5.3)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: Low - Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2023-44270

Release Date: 2023-09-29

Fix Resolution: postcss - 8.4.31

Step up your Open Source Security Game with Mend here

mend-bolt-for-github[bot] commented 1 year ago

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.