VYPR

CWE-144

Improper Neutralization of Line Delimiters

VariantDraft

Description

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as line delimiters when they are sent to a downstream component.

As data is parsed, an injected/absent/malformed delimiter may cause the process to take unexpected actions.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (1)

  • CVE-2023-44270Sep 29, 2023
    risk 0.00cvss epss 0.01

    An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be…