N/A

Arbitrary code execution is possible in reduce-css-calc node module <=1.2.4 through crafted css. This makes cross sites scripting (XSS) possible on the client and arbitrary code injection possible on the server and user input is passed to the `calc` function.

N/A

对生成代码的控制不恰当(代码注入)

reduce-css-calc node模块安全漏洞

reduce-css-calc node module是一个用于减少CSS calc()函数开发的模块。 reduce-css-calc node模块1.2.4及之前版本中存在代码注入漏洞。攻击者借助利用该漏洞执行任意代码或实施跨站脚本攻击。

N/A

N/A