Partial details (16 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the WhiteSource Application.
Vulnerable Library - gulp-sass-2.3.2.tgz
Path to dependency file: /NuGet_NonSDK_Test/App_Plugins/UmbracoForms/Assets/BaremetricsCalendar/package.json
Path to vulnerable library: /NuGet_NonSDK_Test/App_Plugins/UmbracoForms/Assets/BaremetricsCalendar/node_modules/node-sass/package.json
Found in HEAD commit: 1485a69c20022d87a3b00fb210407992d144a42a
Vulnerabilities
Details
CVE-2018-11499
Vulnerable Library - node-sass-3.13.1.tgz
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-3.13.1.tgz
Path to dependency file: /NuGet_NonSDK_Test/App_Plugins/UmbracoForms/Assets/BaremetricsCalendar/package.json
Path to vulnerable library: /NuGet_NonSDK_Test/App_Plugins/UmbracoForms/Assets/BaremetricsCalendar/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 1485a69c20022d87a3b00fb210407992d144a42a
Found in base branch: main
Vulnerability Details
A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.
Publish Date: 2018-05-26
URL: CVE-2018-11499
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11499
Release Date: 2018-05-26
Fix Resolution (node-sass): 4.14.0
Direct dependency fix Resolution (gulp-sass): 3.0.0
⛑️ Automatic Remediation is available for this issue
CVE-2018-11694
Vulnerable Library - node-sass-3.13.1.tgz
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-3.13.1.tgz
Path to dependency file: /NuGet_NonSDK_Test/App_Plugins/UmbracoForms/Assets/BaremetricsCalendar/package.json
Path to vulnerable library: /NuGet_NonSDK_Test/App_Plugins/UmbracoForms/Assets/BaremetricsCalendar/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 1485a69c20022d87a3b00fb210407992d144a42a
Found in base branch: main
Vulnerability Details
An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
Publish Date: 2018-06-04
URL: CVE-2018-11694
CVSS 3 Score Details (8.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11694
Release Date: 2018-06-04
Fix Resolution (node-sass): 5.0.0
Direct dependency fix Resolution (gulp-sass): 5.0.0
⛑️ Automatic Remediation is available for this issue
CVE-2018-11695
Vulnerable Library - node-sass-3.13.1.tgz
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-3.13.1.tgz
Path to dependency file: /NuGet_NonSDK_Test/App_Plugins/UmbracoForms/Assets/BaremetricsCalendar/package.json
Path to vulnerable library: /NuGet_NonSDK_Test/App_Plugins/UmbracoForms/Assets/BaremetricsCalendar/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 1485a69c20022d87a3b00fb210407992d144a42a
Found in base branch: main
Vulnerability Details
An issue was discovered in LibSass <3.5.3. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
Publish Date: 2018-06-04
URL: CVE-2018-11695
CVSS 3 Score Details (8.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: sass/libsass#2664
Release Date: 2018-06-04
Fix Resolution (node-sass): 4.9.0
Direct dependency fix Resolution (gulp-sass): 3.0.0
⛑️ Automatic Remediation is available for this issue
CVE-2018-11696
Vulnerable Library - node-sass-3.13.1.tgz
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-3.13.1.tgz
Path to dependency file: /NuGet_NonSDK_Test/App_Plugins/UmbracoForms/Assets/BaremetricsCalendar/package.json
Path to vulnerable library: /NuGet_NonSDK_Test/App_Plugins/UmbracoForms/Assets/BaremetricsCalendar/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 1485a69c20022d87a3b00fb210407992d144a42a
Found in base branch: main
Vulnerability Details
An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Inspect::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
Publish Date: 2018-06-04
URL: CVE-2018-11696
CVSS 3 Score Details (8.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: sass/libsass#2665
Release Date: 2018-06-04
Fix Resolution (node-sass): 4.14.0
Direct dependency fix Resolution (gulp-sass): 3.0.0
⛑️ Automatic Remediation is available for this issue
CVE-2018-11698
Vulnerable Library - node-sass-3.13.1.tgz
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-3.13.1.tgz
Path to dependency file: /NuGet_NonSDK_Test/App_Plugins/UmbracoForms/Assets/BaremetricsCalendar/package.json
Path to vulnerable library: /NuGet_NonSDK_Test/App_Plugins/UmbracoForms/Assets/BaremetricsCalendar/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 1485a69c20022d87a3b00fb210407992d144a42a
Found in base branch: main
Vulnerability Details
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
Publish Date: 2018-06-04
URL: CVE-2018-11698
CVSS 3 Score Details (8.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-11698
Release Date: 2018-06-04
Fix Resolution (node-sass): 5.0.0
Direct dependency fix Resolution (gulp-sass): 5.0.0
⛑️ Automatic Remediation is available for this issue
CVE-2018-11697
Vulnerable Library - node-sass-3.13.1.tgz
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-3.13.1.tgz
Path to dependency file: /NuGet_NonSDK_Test/App_Plugins/UmbracoForms/Assets/BaremetricsCalendar/package.json
Path to vulnerable library: /NuGet_NonSDK_Test/App_Plugins/UmbracoForms/Assets/BaremetricsCalendar/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 1485a69c20022d87a3b00fb210407992d144a42a
Found in base branch: main
Vulnerability Details
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
Publish Date: 2018-06-04
URL: CVE-2018-11697
CVSS 3 Score Details (8.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11697
Release Date: 2018-06-04
Fix Resolution (node-sass): 4.14.0
Direct dependency fix Resolution (gulp-sass): 3.0.0
⛑️ Automatic Remediation is available for this issue
CVE-2018-11693
Vulnerable Library - node-sass-3.13.1.tgz
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-3.13.1.tgz
Path to dependency file: /NuGet_NonSDK_Test/App_Plugins/UmbracoForms/Assets/BaremetricsCalendar/package.json
Path to vulnerable library: /NuGet_NonSDK_Test/App_Plugins/UmbracoForms/Assets/BaremetricsCalendar/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 1485a69c20022d87a3b00fb210407992d144a42a
Found in base branch: main
Vulnerability Details
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::skip_over_scopes which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
Publish Date: 2018-06-04
URL: CVE-2018-11693
CVSS 3 Score Details (8.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: sass/libsass#2661
Release Date: 2018-06-04
Fix Resolution (node-sass): 4.11.0
Direct dependency fix Resolution (gulp-sass): 3.0.0
⛑️ Automatic Remediation is available for this issue
CVE-2021-33623
Vulnerable Library - trim-newlines-1.0.0.tgz
Trim newlines from the start and/or end of a string
Library home page: https://registry.npmjs.org/trim-newlines/-/trim-newlines-1.0.0.tgz
Path to dependency file: /NuGet_NonSDK_Test/App_Plugins/UmbracoForms/Assets/BaremetricsCalendar/package.json
Path to vulnerable library: /NuGet_NonSDK_Test/App_Plugins/UmbracoForms/Assets/BaremetricsCalendar/node_modules/trim-newlines/package.json
Dependency Hierarchy:
Found in HEAD commit: 1485a69c20022d87a3b00fb210407992d144a42a
Found in base branch: main
Vulnerability Details
The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.
Publish Date: 2021-05-28
URL: CVE-2021-33623
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33623
Release Date: 2021-05-28
Fix Resolution (trim-newlines): 3.0.1
Direct dependency fix Resolution (gulp-sass): 5.0.0
⛑️ Automatic Remediation is available for this issue
CVE-2017-12964
Vulnerable Library - node-sass-3.13.1.tgz
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-3.13.1.tgz
Path to dependency file: /NuGet_NonSDK_Test/App_Plugins/UmbracoForms/Assets/BaremetricsCalendar/package.json
Path to vulnerable library: /NuGet_NonSDK_Test/App_Plugins/UmbracoForms/Assets/BaremetricsCalendar/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 1485a69c20022d87a3b00fb210407992d144a42a
Found in base branch: main
Vulnerability Details
There is a stack consumption issue in LibSass 3.4.5 that is triggered in the function Sass::Eval::operator() in eval.cpp. It will lead to a remote denial of service attack.
Publish Date: 2017-08-18
URL: CVE-2017-12964
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: sass/libsass#2665
Release Date: 2017-08-18
Fix Resolution (node-sass): 4.4.0
Direct dependency fix Resolution (gulp-sass): 3.0.0
⛑️ Automatic Remediation is available for this issue
CVE-2019-6284
Vulnerable Library - node-sass-3.13.1.tgz
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-3.13.1.tgz
Path to dependency file: /NuGet_NonSDK_Test/App_Plugins/UmbracoForms/Assets/BaremetricsCalendar/package.json
Path to vulnerable library: /NuGet_NonSDK_Test/App_Plugins/UmbracoForms/Assets/BaremetricsCalendar/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 1485a69c20022d87a3b00fb210407992d144a42a
Found in base branch: main
Vulnerability Details
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp.
Publish Date: 2019-01-14
URL: CVE-2019-6284
CVSS 3 Score Details (6.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6284
Release Date: 2020-08-24
Fix Resolution (node-sass): 5.0.0
Direct dependency fix Resolution (gulp-sass): 5.0.0
⛑️ Automatic Remediation is available for this issue
CVE-2019-6286
Vulnerable Library - node-sass-3.13.1.tgz
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-3.13.1.tgz
Path to dependency file: /NuGet_NonSDK_Test/App_Plugins/UmbracoForms/Assets/BaremetricsCalendar/package.json
Path to vulnerable library: /NuGet_NonSDK_Test/App_Plugins/UmbracoForms/Assets/BaremetricsCalendar/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 1485a69c20022d87a3b00fb210407992d144a42a
Found in base branch: main
Vulnerability Details
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693.
Publish Date: 2019-01-14
URL: CVE-2019-6286
CVSS 3 Score Details (6.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6286
Release Date: 2019-07-23
Fix Resolution (node-sass): 5.0.0
Direct dependency fix Resolution (gulp-sass): 5.0.0
⛑️ Automatic Remediation is available for this issue
CVE-2018-20822
Vulnerable Library - node-sass-3.13.1.tgz
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-3.13.1.tgz
Path to dependency file: /NuGet_NonSDK_Test/App_Plugins/UmbracoForms/Assets/BaremetricsCalendar/package.json
Path to vulnerable library: /NuGet_NonSDK_Test/App_Plugins/UmbracoForms/Assets/BaremetricsCalendar/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 1485a69c20022d87a3b00fb210407992d144a42a
Found in base branch: main
Vulnerability Details
LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp).
Publish Date: 2019-04-23
URL: CVE-2018-20822
CVSS 3 Score Details (6.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20822
Release Date: 2019-04-23
Fix Resolution (node-sass): 4.13.1
Direct dependency fix Resolution (gulp-sass): 3.0.0
⛑️ Automatic Remediation is available for this issue
CVE-2018-20821
Vulnerable Library - node-sass-3.13.1.tgz
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-3.13.1.tgz
Path to dependency file: /NuGet_NonSDK_Test/App_Plugins/UmbracoForms/Assets/BaremetricsCalendar/package.json
Path to vulnerable library: /NuGet_NonSDK_Test/App_Plugins/UmbracoForms/Assets/BaremetricsCalendar/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 1485a69c20022d87a3b00fb210407992d144a42a
Found in base branch: main
Vulnerability Details
The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).
Publish Date: 2019-04-23
URL: CVE-2018-20821
CVSS 3 Score Details (6.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20821
Release Date: 2019-04-23
Fix Resolution (node-sass): 5.0.0
Direct dependency fix Resolution (gulp-sass): 5.0.0
⛑️ Automatic Remediation is available for this issue
CVE-2019-18797
Vulnerable Library - node-sass-3.13.1.tgz
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-3.13.1.tgz
Path to dependency file: /NuGet_NonSDK_Test/App_Plugins/UmbracoForms/Assets/BaremetricsCalendar/package.json
Path to vulnerable library: /NuGet_NonSDK_Test/App_Plugins/UmbracoForms/Assets/BaremetricsCalendar/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 1485a69c20022d87a3b00fb210407992d144a42a
Found in base branch: main
Vulnerability Details
LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp.
Publish Date: 2019-11-06
URL: CVE-2019-18797
CVSS 3 Score Details (6.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18797
Release Date: 2019-11-08
Fix Resolution (node-sass): 4.8.0
Direct dependency fix Resolution (gulp-sass): 3.0.0
⛑️ Automatic Remediation is available for this issue
CVE-2019-6283
Vulnerable Library - node-sass-3.13.1.tgz
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-3.13.1.tgz
Path to dependency file: /NuGet_NonSDK_Test/App_Plugins/UmbracoForms/Assets/BaremetricsCalendar/package.json
Path to vulnerable library: /NuGet_NonSDK_Test/App_Plugins/UmbracoForms/Assets/BaremetricsCalendar/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 1485a69c20022d87a3b00fb210407992d144a42a
Found in base branch: main
Vulnerability Details
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.
Publish Date: 2019-01-14
URL: CVE-2019-6283
CVSS 3 Score Details (6.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6284
Release Date: 2020-08-24
Fix Resolution (node-sass): 5.0.0
Direct dependency fix Resolution (gulp-sass): 5.0.0
⛑️ Automatic Remediation is available for this issue
CVE-2018-20190
Vulnerable Library - node-sass-3.13.1.tgz
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-3.13.1.tgz
Path to dependency file: /NuGet_NonSDK_Test/App_Plugins/UmbracoForms/Assets/BaremetricsCalendar/package.json
Path to vulnerable library: /NuGet_NonSDK_Test/App_Plugins/UmbracoForms/Assets/BaremetricsCalendar/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 1485a69c20022d87a3b00fb210407992d144a42a
Found in base branch: main
Vulnerability Details
In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file.
Publish Date: 2018-12-17
URL: CVE-2018-20190
CVSS 3 Score Details (6.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20190
Release Date: 2018-12-17
Fix Resolution (node-sass): 5.0.0
Direct dependency fix Resolution (gulp-sass): 5.0.0
⛑️ Automatic Remediation is available for this issue
⛑️ Automatic Remediation is available for this issue.