Описание
Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path.
A flaw was found in nodejs-node-sass. Certificate validation is disabled when requesting binaries even if the user is not specifying an alternative download path.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| OpenShift Service Mesh 1 | kiali | Not affected | ||
| OpenShift Service Mesh 1 | servicemesh-grafana | Not affected | ||
| OpenShift Service Mesh 2.0 | servicemesh-grafana | Not affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | console-header | Not affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | grc-ui | Not affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | mcm-topology | Not affected | ||
| Red Hat OpenShift Container Platform 3.11 | openshift3/grafana | Not affected | ||
| Red Hat OpenShift Container Platform 4 | openshift4/ose-grafana | Not affected |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-295
https://bugzilla.redhat.com/show_bug.cgi?id=1921882nodejs-node-sass: Certificate validation is disabled when requesting binaries
5.3 Medium
CVSS3
Связанные уязвимости
CVSS3: 5.3
ubuntu
около 5 лет назад
Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path.
CVSS3: 5.3
nvd
около 5 лет назад
Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path.
CVSS3: 5.3
debian
около 5 лет назад
Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when r ...
5.3 Medium
CVSS3