CVE-2020-24025

Опубликовано: 11 янв. 2021

Источник: debian

Описание

Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
node-node-sass	fixed	7.0.1+git20211229.3bb51da+dfsg-1		package
node-node-sass	ignored		bullseye	package

Примечания

https://github.com/sass/node-sass/pull/567#issuecomment-656609236
https://github.com/sass/node-sass/issues/3067

Связанные уязвимости

CVE-2020-24025

CVSS3: 5.3

ubuntu

около 5 лет назад

Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path.

CVE-2020-24025

CVSS3: 5.3

redhat

около 5 лет назад

Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path.

CVE-2020-24025

CVSS3: 5.3

nvd

около 5 лет назад

Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path.

CVE-2020-24025

CVSS3: 5.3

msrc

больше 2 лет назад

Описание отсутствует

GHSA-r8f7-9pfq-mjmv

CVSS3: 5.3

github

почти 4 года назад

Improper Certificate Validation in node-sass