Bug 2326998 (CVE-2023-44270) - CVE-2023-44270 PostCSS: Improper input validation in PostCSS
Summary: CVE-2023-44270 PostCSS: Improper input validation in PostCSS
Keywords:
Status: NEW
Alias: CVE-2023-44270
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2327062 2327063 2327064 2327068 2327047 2327049 2327050 2327051 2327052 2327053 2327054 2327055 2327056 2327057 2327058 2327059 2327060 2327061 2327065 2327066 2327067 2327069 2328666 2328677 2328678 2328679 2328680 2328681 2328682 2328683 2328684
Blocks:
Reported: 2024-11-18 14:12 UTC by OSIDB Bzimport
Modified: 2025-06-17 08:28 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2024:10517 0 None None None 2024-12-03 08:24:38 UTC
Red Hat Product Errata RHSA-2024:10908 0 None None None 2024-12-10 08:28:06 UTC
Red Hat Product Errata RHSA-2025:0654 0 None None None 2025-01-28 04:29:16 UTC
Red Hat Product Errata RHSA-2025:0892 0 None None None 2025-02-03 13:09:48 UTC
Red Hat Product Errata RHSA-2025:1824 0 None None None 2025-02-25 07:50:34 UTC
Red Hat Product Errata RHSA-2025:1829 0 None None None 2025-02-25 09:15:52 UTC
Red Hat Product Errata RHSA-2025:1865 0 None None None 2025-02-26 00:59:47 UTC
Red Hat Product Errata RHSA-2025:1866 0 None None None 2025-02-26 02:33:04 UTC
Red Hat Product Errata RHSA-2025:2652 0 None None None 2025-03-11 09:16:34 UTC
Red Hat Product Errata RHSA-2025:3069 0 None None None 2025-03-20 08:38:10 UTC

Description OSIDB Bzimport 2024-11-18 14:12:29 UTC
An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contain parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being included in a comment.

Comment 6 errata-xmlrpc 2024-12-03 08:24:29 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.17

Via RHSA-2024:10517 https://access.redhat.com/errata/RHSA-2024:10517

Comment 7 errata-xmlrpc 2024-12-10 08:27:55 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Service Mesh 2.5 for RHEL 8

Via RHSA-2024:10908 https://access.redhat.com/errata/RHSA-2024:10908

Comment 10 errata-xmlrpc 2025-01-28 04:29:05 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.17

Via RHSA-2025:0654 https://access.redhat.com/errata/RHSA-2025:0654

Comment 11 errata-xmlrpc 2025-02-03 13:09:38 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Dev Spaces 3 Containers

Via RHSA-2025:0892 https://access.redhat.com/errata/RHSA-2025:0892

Comment 12 errata-xmlrpc 2025-02-25 07:50:23 UTC
This issue has been addressed in the following products:

  RHODF-4.17-RHEL-9

Via RHSA-2025:1824 https://access.redhat.com/errata/RHSA-2025:1824

Comment 13 errata-xmlrpc 2025-02-25 09:15:41 UTC
This issue has been addressed in the following products:

  RHODF-4.16-RHEL-9

Via RHSA-2025:1829 https://access.redhat.com/errata/RHSA-2025:1829

Comment 16 errata-xmlrpc 2025-02-26 00:59:36 UTC
This issue has been addressed in the following products:

  RHODF-4.15-RHEL-9

Via RHSA-2025:1865 https://access.redhat.com/errata/RHSA-2025:1865

Comment 17 errata-xmlrpc 2025-02-26 02:32:55 UTC
This issue has been addressed in the following products:

  RHODF-4.14-RHEL-9

Via RHSA-2025:1866 https://access.redhat.com/errata/RHSA-2025:1866

Comment 19 errata-xmlrpc 2025-03-11 09:16:26 UTC
This issue has been addressed in the following products:

  RHODF-4.18-RHEL-9

Via RHSA-2025:2652 https://access.redhat.com/errata/RHSA-2025:2652

Comment 22 errata-xmlrpc 2025-03-20 08:38:01 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift GitOps 1.14

Via RHSA-2025:3069 https://access.redhat.com/errata/RHSA-2025:3069

