CVE-2018-20822 (Medium) detected in node-sass0bd48bbad6fccb0da16d3bdf76ad541f5f45ec70, node-sass-4.12.0.tgz #19
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-for-jackfan.us.kg
bot
added
the
security vulnerability
mend-for-jackfan.us.kg
bot
changed the title
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2018-20822 - Medium Severity Vulnerability
node-sass-4.12.0.tgz
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.12.0.tgz
Path to dependency file: rcloud/package.json
Path to vulnerable library: rcloud/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: ea3e9eb0d43a8dbd41b588165d397d47fee73f06
LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp).
Publish Date: 2019-04-23
URL: CVE-2018-20822
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20822
Release Date: 2019-08-06
Fix Resolution: LibSass - 3.6.0;node-sass - 4.13.1
The text was updated successfully, but these errors were encountered: