Debian Node-Postcss vulnerabilities

5 known vulnerabilities affecting debian/node-postcss.

Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 5

Vulnerabilities

CVE-2024-55565 | MEDIUM | CVSS 4.3 | fixed in node-mocha 9.1.4+ds1+~cs28.2.8-1 (bookworm) | 2024
node-mocha: nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.
Scope: local
bookworm: resolved (fixed in 9.1.4+ds1+~cs28.2.8-1)
bullseye: resolved (fixed in 8.2.1+ds1+~cs29.4.27-3+deb11u1)
forky: resolved (fixed in 9.1.4+ds1+~cs28.2.8-1)
sid: resolved (fixed in 9.1.4+ds1+~cs28.2.8-1)
trixie: resolved (fixed in 9.1.4+ds1+~cs28.2.
debian
CVE-2023-44270 | MEDIUM | CVSS 5.3 | fixed in node-postcss 8.4.20+~cs8.0.23-1+deb12u1 (bookworm) | 2023
node-postcss: An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contain parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being includ
debian
CVE-2021-23566 | MEDIUM | CVSS 4.0 | fixed in node-mocha 9.1.4+ds1+~cs28.2.8-1 (bookworm) | 2021
node-mocha: The package nanoid from 3.0.0 and before 3.1.31 is vulnerable to Information Exposure via the valueOf() function, which allows reproduction of the last id generated.
Scope: local
bookworm: resolved (fixed in 9.1.4+ds1+~cs28.2.8-1)
bullseye: resolved (fixed in 8.2.1+ds1+~cs29.4.27-3+deb11u1)
forky: resolved (fixed in 9.1.4+ds1+~cs28.2.8-1)
sid: resolved (fixed in 9
debian
CVE-2021-23382 | MEDIUM | CVSS 5.3 | fixed in node-postcss 8.2.1+~cs5.3.23-7 (bookworm) | 2021
node-postcss: The package postcss before 8.2.13 is vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \/\*\s* sourceMappingURL=(.*).
Scope: local
bookworm: resolved (fixed in 8.2.1+~cs5.3.23-7)
bullseye: resolved (fixed in 8.2.1+~cs5.3.23
debian
CVE-2021-23368 | MEDIUM | CVSS 5.3 | fixed in node-postcss 8.2.1+~cs5.3.23-6 (bookworm) | 2021
node-postcss: The package postcss from 7.0.0 and before 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.
Scope: local
bookworm: resolved (fixed in 8.2.1+~cs5.3.23-6)
bullseye: resolved (fixed in 8.2.1+~cs5.3.23-6)
forky: resolved (fixed in 8.2.1+~cs5.3.23-6)
sid: resolved (fixed in 8.2.1+~cs5.3.23-6)
trixie: resolved (fixed i
debian