org.webjars.npm:node-sass@5.0.0 vulnerabilities

  • latest version

    9.0.0

  • first published

    9 years ago

  • latest version published

    10 months ago

  • licenses detected

  • package manager

  • Direct Vulnerabilities

    Known vulnerabilities in the org.webjars.npm:node-sass package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Buffer Overflow

    org.webjars.npm:node-sass is a Node.js bindings to libsass.

    Affected versions of this package are vulnerable to Buffer Overflow via the CompoundSelector::has_real_parent_ref function.

    How to fix Buffer Overflow?

    There is no fixed version for org.webjars.npm:node-sass.

    [0,)
    • M
    Denial of Service (DoS)

    org.webjars.npm:node-sass is a Node.js bindings to libsass.

    Affected versions of this package are vulnerable to Denial of Service (DoS) via the Sass::ComplexSelector::has_placeholder function, due to a possible stack overflow.

    How to fix Denial of Service (DoS)?

    There is no fixed version for org.webjars.npm:node-sass.

    [0,)
    • H
    Denial of Service (DoS)

    org.webjars.npm:node-sass is a Node.js bindings to libsass.

    Affected versions of this package are vulnerable to Denial of Service (DoS) when executing the 'Sass::CompoundSelector::has_real_parent_ref' function in 'ast_selectors.cpp', which could lead to a stack overflow.

    How to fix Denial of Service (DoS)?

    There is no fixed version for org.webjars.npm:node-sass.

    [0,)
    • M
    Improper Certificate Validation

    org.webjars.npm:node-sass is a Node.js bindings to libsass.

    Affected versions of this package are vulnerable to Improper Certificate Validation. Certificate validation is disabled by default when requesting binaries, even if the user is not specifying an alternative download path.

    How to fix Improper Certificate Validation?

    There is no fixed version for org.webjars.npm:node-sass.

    [0,)
    • M
    Out-of-Bounds

    org.webjars.npm:node-sass is a Node.js bindings to libsass.

    Affected versions of this package are vulnerable to Out-of-Bounds via Sass::Prelexer::alternatives in prelexer.hpp. Note: node-sass is affected by this vulnerability due to its bundled usage of the libsass package.

    How to fix Out-of-Bounds?

    There is no fixed version for org.webjars.npm:node-sass.

    [0,)
    • M
    Out-of-bounds Read

    org.webjars.npm:node-sass is a Node.js bindings to libsass.

    Affected versions of this package are vulnerable to Out-of-bounds Read via Sass::weaveParents in ast_sel_weave.cpp. Note: node-sass is affected by this vulnerability due to its bundled usage of the libsass package.

    How to fix Out-of-bounds Read?

    There is no fixed version for org.webjars.npm:node-sass.

    [0,)
    • M
    Denial of Service (DoS)

    org.webjars.npm:node-sass is a Node.js bindings to libsass.

    Affected versions of this package are vulnerable to Denial of Service (DoS). Uncontrolled recursion is possible in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp. Note: node-sass is affected by this vulnerability due to its bundled usage of the libsass package.

    How to fix Denial of Service (DoS)?

    There is no fixed version for org.webjars.npm:node-sass.

    [0,)
    • M
    NULL Pointer Dereference

    org.webjars.npm:node-sass is a Node.js bindings to libsass.

    Affected versions of this package are vulnerable to NULL Pointer Dereference via Sass::Parser::parseCompoundSelectorin parser_selectors.cpp. Note: node-sass is affected by this vulnerability due to its bundled usage of the libsass package.

    How to fix NULL Pointer Dereference?

    There is no fixed version for org.webjars.npm:node-sass.

    [0,)
    • H
    Use After Free

    org.webjars.npm:node-sass is a Node.js bindings to libsass.

    Affected versions of this package are vulnerable to Use After Free via the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact. Note: node-sass is affected by this vulnerability due to its bundled usage of the libsass package.

    How to fix Use After Free?

    There is no fixed version for org.webjars.npm:node-sass.

    [0,)
    • M
    Out-of-bounds Read

    org.webjars.npm:node-sass is a Node.js bindings to libsass.

    Affected versions of this package are vulnerable to Out-of-bounds Read. The function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file. Note: node-sass is affected by this vulnerability due to its bundled usage of the libsass package.

    How to fix Out-of-bounds Read?

    There is no fixed version for org.webjars.npm:node-sass.

    [0,)
    • M
    Uncontrolled Recursion

    org.webjars.npm:node-sass is a Node.js bindings to libsass.

    Affected versions of this package are vulnerable to Uncontrolled Recursion via Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp. Note: node-sass is affected by this vulnerability due to its bundled usage of the libsass package.

    How to fix Uncontrolled Recursion?

    There is no fixed version for org.webjars.npm:node-sass.

    [0,)
    • H
    NULL Pointer Dereference

    org.webjars.npm:node-sass is a Node.js bindings to libsass.

    Affected versions of this package are vulnerable to NULL Pointer Dereference in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact. node-sass is affected by this vulnerability due to its bundled usage of libsass.

    How to fix NULL Pointer Dereference?

    There is no fixed version for org.webjars.npm:node-sass.

    [0,)
    • M
    Out-of-Bounds

    org.webjars.npm:node-sass is a Node.js bindings to libsass.

    Affected versions of this package are vulnerable to Out-of-Bounds. A heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp. node-sass is affected by this vulnerability due to its bundled usage of libsass.

    How to fix Out-of-Bounds?

    There is no fixed version for org.webjars.npm:node-sass.

    [0,)