GHSA-9v62-24cr-58cx

Опубликовано: 11 сент. 2020

Источник: github

Github: Прошло ревью

CVSS3: 5.9

Описание

Denial of Service in node-sass

Affected versions of node-sass are vulnerable to Denial of Service (DoS). Crafted objects passed to the renderSync function may trigger C++ assertions in CustomImporterBridge::get_importer_entry and CustomImporterBridge::post_process_return_value that crash the Node process. This may allow attackers to crash the system's running Node process and lead to Denial of Service.

Recommendation

Upgrade to version 4.13.1 or later

Ссылки

https://github.com/sass/node-sass/commit/338fd7a14d3b8bd374a382336df16f9c6792b884
https://www.npmjs.com/advisories/961

Пакеты

Наименование

node-sass

npm

Затронутые версииВерсия исправления

>= 3.3.0, < 4.13.1

4.13.1

5.9 Medium

CVSS3

Дефекты

CWE-400

5.9 Medium

CVSS3

Дефекты

CWE-400