org.webjars.npm:node-sass@4.14.1 vulnerabilities

latest version

9.0.0
first published

9 years ago
latest version published

4 months ago
licenses detected
- MIT
  [3.1.1,)
package manager

View on Maven Repository

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.webjars.npm:node-sass package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Buffer Overflow org.webjars.npm:node-sass is a Node.js bindings to libsass. Affected versions of this package are vulnerable to Buffer Overflow via the `CompoundSelector::has_real_parent_ref` function. How to fix Buffer Overflow? There is no fixed version for `org.webjars.npm:node-sass`.	[0,)
M Denial of Service (DoS) org.webjars.npm:node-sass is a Node.js bindings to libsass. Affected versions of this package are vulnerable to Denial of Service (DoS) via the `Sass::ComplexSelector::has_placeholder` function, due to a possible stack overflow. How to fix Denial of Service (DoS)? There is no fixed version for `org.webjars.npm:node-sass`.	[0,)
H Denial of Service (DoS) org.webjars.npm:node-sass is a Node.js bindings to libsass. Affected versions of this package are vulnerable to Denial of Service (DoS) when executing the 'Sass::CompoundSelector::has_real_parent_ref' function in 'ast_selectors.cpp', which could lead to a stack overflow. How to fix Denial of Service (DoS)? There is no fixed version for `org.webjars.npm:node-sass`.	[0,)
M Improper Certificate Validation org.webjars.npm:node-sass is a Node.js bindings to libsass. Affected versions of this package are vulnerable to Improper Certificate Validation. Certificate validation is disabled by default when requesting binaries, even if the user is not specifying an alternative download path. How to fix Improper Certificate Validation? There is no fixed version for `org.webjars.npm:node-sass`.	[0,)
M Out-of-Bounds org.webjars.npm:node-sass is a Node.js bindings to libsass. Affected versions of this package are vulnerable to Out-of-Bounds via `Sass::Prelexer::alternatives` in `prelexer.hpp`. Note: `node-sass` is affected by this vulnerability due to its bundled usage of the `libsass` package. How to fix Out-of-Bounds? There is no fixed version for `org.webjars.npm:node-sass`.	[0,)
H Use After Free org.webjars.npm:node-sass is a Node.js bindings to libsass. Affected versions of this package are vulnerable to Use After Free via the `SharedPtr` class in `SharedPtr.cpp` (or `SharedPtr.hpp`) that may cause a denial of service (application crash) or possibly have unspecified other impact. Note: `node-sass` is affected by this vulnerability due to its bundled usage of the `libsass` package. How to fix Use After Free? There is no fixed version for `org.webjars.npm:node-sass`.	[0,)
M Out-of-bounds Read org.webjars.npm:node-sass is a Node.js bindings to libsass. Affected versions of this package are vulnerable to Out-of-bounds Read. The function `handle_error` in `sass_context.cpp` allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file. Note: `node-sass` is affected by this vulnerability due to its bundled usage of the `libsass` package. How to fix Out-of-bounds Read? There is no fixed version for `org.webjars.npm:node-sass`.	[0,)
M Denial of Service (DoS) org.webjars.npm:node-sass is a Node.js bindings to libsass. Affected versions of this package are vulnerable to Denial of Service (DoS). Uncontrolled recursion is possible in `Sass::Complex_Selector::perform` in `ast.hpp` and `Sass::Inspect::operator` in `inspect.cpp`. Note: `node-sass` is affected by this vulnerability due to its bundled usage of the `libsass` package. How to fix Denial of Service (DoS)? There is no fixed version for `org.webjars.npm:node-sass`.	[0,)
M Uncontrolled Recursion org.webjars.npm:node-sass is a Node.js bindings to libsass. Affected versions of this package are vulnerable to Uncontrolled Recursion via `Sass::Eval::operator()(Sass::Binary_Expression*)` in `eval.cpp`. Note: `node-sass` is affected by this vulnerability due to its bundled usage of the `libsass` package. How to fix Uncontrolled Recursion? There is no fixed version for `org.webjars.npm:node-sass`.	[0,)
M Out-of-bounds Read org.webjars.npm:node-sass is a Node.js bindings to libsass. Affected versions of this package are vulnerable to Out-of-bounds Read via `Sass::weaveParents` in `ast_sel_weave.cpp`. Note: `node-sass` is affected by this vulnerability due to its bundled usage of the `libsass` package. How to fix Out-of-bounds Read? There is no fixed version for `org.webjars.npm:node-sass`.	[0,)
M NULL Pointer Dereference org.webjars.npm:node-sass is a Node.js bindings to libsass. Affected versions of this package are vulnerable to NULL Pointer Dereference via `Sass::Parser::parseCompoundSelector`in `parser_selectors.cpp`. Note: `node-sass` is affected by this vulnerability due to its bundled usage of the `libsass` package. How to fix NULL Pointer Dereference? There is no fixed version for `org.webjars.npm:node-sass`.	[0,)
H NULL Pointer Dereference org.webjars.npm:node-sass is a Node.js bindings to libsass. Affected versions of this package are vulnerable to NULL Pointer Dereference in the function `Sass::Functions::selector_append` which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact. `node-sass` is affected by this vulnerability due to its bundled usage of `libsass`. How to fix NULL Pointer Dereference? There is no fixed version for `org.webjars.npm:node-sass`.	[0,)
M Out-of-Bounds org.webjars.npm:node-sass is a Node.js bindings to libsass. Affected versions of this package are vulnerable to Out-of-Bounds. A heap-based buffer over-read exists in `Sass::Prelexer::parenthese_scope` in `prelexer.hpp`. `node-sass` is affected by this vulnerability due to its bundled usage of `libsass`. How to fix Out-of-Bounds? There is no fixed version for `org.webjars.npm:node-sass`.	[0,)

Go back to all versions of this package

org.webjars.npm:node-sass@4.14.1 vulnerabilities

latest version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities