To me at least it reads funny because when I think of CSS I think of the language itself and not the accompanying tools that are then running the CSS.
Saying "Markdown has a CVE" would sound equally off.
I'm aware that its not actually CSS having the vulnerability but when simplified that's what it sounds like.
I think they meant something like the CSS parser, or the CSS Object Model (CSSOM).
One of the other commenters wrote a post that said it was related to @font-feature-values
Why ?
To me at least it reads funny because when I think of CSS I think of the language itself and not the accompanying tools that are then running the CSS.
Saying "Markdown has a CVE" would sound equally off. I'm aware that its not actually CSS having the vulnerability but when simplified that's what it sounds like.
Funny you'd mention that, when Notepad had a CVE in it's markdown parsing recently.