CVE-2023-44270 Information

Description

An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies as demonstrated by @font-face font:(\r/); in a rule.

Reference

https://github.com/postcss/postcss/blob/main/lib/tokenize.js#L25 https://github.com/postcss/postcss/commit/58cc860b4c1707510c9cd1bc1fa30b423a9ad6c5 https://github.com/postcss/postcss/releases/tag/8.4.31