Affected versions of this package are vulnerable to Resource Exhaustion via the cache-control header. An attacker can cause a denial of service to all users requesting the same URL via a CDN by caching empty prefetch responses.
Remediation
Upgrade next to version 13.4.20-canary.13 or higher.
postcss is a tool for transforming styles with JS plugins.
Affected versions of this package are vulnerable to Improper Input Validation when parsing external Cascading Style Sheets (CSS) with linters using PostCSS. An attacker can cause discrepancies by injecting malicious CSS rules, such as @font-face{ font:(\r/*);}.
This vulnerability is caused by insecure regular expression usage in the RE_BAD_BRACKET variable.