9.0.0
12 years ago
1 years ago
Package is deprecated
Known vulnerabilities in the node-sass package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
node-sass is a Node.js bindings package for libsass. Affected versions of this package are vulnerable to Improper Certificate Validation. Certificate validation is disabled by default when requesting binaries, even if the user is not specifying an alternative download path. How to fix Improper Certificate Validation? Upgrade | >=2.0.0 <7.0.0 |
node-sass is a Node.js bindings package for libsass. Affected versions of this package are vulnerable to Denial of Service (DoS). Crafted objects passed to the How to fix Denial of Service (DoS)? Upgrade | >=3.3.0 <4.13.1 |
node-sass is a Node.js bindings package for libsass. Affected versions of this package are vulnerable to Uncontrolled Recursion via How to fix Uncontrolled Recursion? There is no fixed version for | * |
node-sass is a Node.js bindings package for libsass. Affected versions of this package are vulnerable to Out-of-bounds Read. The function How to fix Out-of-bounds Read? There is no fixed version for | * |
node-sass is a Node.js bindings package for libsass. Affected versions of this package are vulnerable to Out-of-bounds Read. A heap-based buffer over-read exists in the function How to fix Out-of-bounds Read? Upgrade | <4.4.0 |
node-sass is a Node.js bindings package for libsass. Affected versions of this package are vulnerable to Out-of-bounds Read via the function How to fix Out-of-bounds Read? Upgrade | <3.6.0 |
node-sass is a Node.js bindings package for libsass. Affected versions of this package are vulnerable to Out-of-bounds Read via the function How to fix Out-of-bounds Read? Upgrade | <3.6.0 |
node-sass is a Node.js bindings package for libsass. Affected versions of this package are vulnerable to Denial of Service (DoS). Uncontrolled recursion is possible in How to fix Denial of Service (DoS)? There is no fixed version for | * |
node-sass is a Node.js bindings package for libsass. Affected versions of this package are vulnerable to Improper Input Validation. There is an illegal address access in the How to fix Improper Input Validation? Upgrade | <4.4.0 |
node-sass is a Node.js bindings package for libsass. Affected versions of this package are vulnerable to Uncontrolled Recursion via the function How to fix Uncontrolled Recursion? Upgrade | <4.4.0 |
node-sass is a Node.js bindings package for libsass. Affected versions of this package are vulnerable to NULL Pointer Dereference. The function How to fix NULL Pointer Dereference? Upgrade | <3.6.0 |
node-sass is a Node.js bindings package for libsass. Affected versions of this package are vulnerable to Denial of Service (DoS). The parsing component allows attackers to cause uncontrolled recursion in How to fix Denial of Service (DoS)? Upgrade | <3.6.0 |
node-sass is a Node.js bindings package for libsass. Affected versions of this package are vulnerable to Out-of-bounds Read via How to fix Out-of-bounds Read? Upgrade | <3.6.0 |
node-sass is a Node.js bindings package for libsass. Affected versions of this package are vulnerable to Out-of-bounds Read via How to fix Out-of-bounds Read? There is no fixed version for | * |
node-sass is a Node.js bindings package for libsass. Affected versions of this package are vulnerable to Uncontrolled Recursion. There is a stack consumption vulnerability in the lex function in How to fix Uncontrolled Recursion? Upgrade | <4.4.0 |
node-sass is a Node.js bindings package for libsass. Affected versions of this package are vulnerable to Out-of-bounds Read via How to fix Out-of-bounds Read? Upgrade | <4.4.0 |
node-sass is a Node.js bindings package for libsass. Affected versions of this package are vulnerable to NULL Pointer Dereference via How to fix NULL Pointer Dereference? There is no fixed version for | * |
node-sass is a Node.js bindings package for libsass. Affected versions of this package are vulnerable to Denial of Service (DoS). Functions inside How to fix Denial of Service (DoS)? Upgrade | <4.11.0 |
node-sass is a Node.js bindings package for libsass. Affected versions of this package are vulnerable to Out-of-bounds Read related to address How to fix Out-of-bounds Read? Upgrade | <4.3.0 |
node-sass is a Node.js bindings package for libsass. Affected versions of this package are vulnerable to NULL Pointer Dereference via the function How to fix NULL Pointer Dereference? Upgrade | <4.9.0 |
node-sass is a Node.js bindings package for libsass. Affected versions of this package are vulnerable to Denial of Service (DoS). There are memory leaks triggered by deeply nested code, such as code with a long sequence of open parenthesis characters, leading to a remote denial of service attack. Note: How to fix Denial of Service (DoS)? Upgrade | <4.4.0 |
node-sass is a Node.js bindings package for libsass. Affected versions of this package are vulnerable to Out-of-bounds Read. There is an illegal address access in How to fix Out-of-bounds Read? Upgrade | <4.4.0 |
node-sass is a Node.js bindings package for libsass. Affected versions of this package are vulnerable to Use After Free via the How to fix Use After Free? There is no fixed version for | * |
node-sass is a Node.js bindings package for libsass. Affected versions of this package are vulnerable to Out-of-Bounds via How to fix Out-of-Bounds? There is no fixed version for | * |
node-sass is a Node.js bindings package for libsass. Affected versions of this package are vulnerable to Improper Input Validation. There is an illegal address access in How to fix Improper Input Validation? Upgrade | <4.4.0 |
node-sass is a Node.js bindings package for libsass. Affected versions of this package are vulnerable to NULL Pointer Dereference. An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function How to fix NULL Pointer Dereference? Upgrade | <4.11.0 |
node-sass is a Node.js bindings package for libsass. Affected versions of this package are vulnerable to Resource Exhaustion. In LibSass prior to 3.5.5, How to fix Resource Exhaustion? Upgrade | <4.11.0 |
node-sass is a Node.js bindings package for libsass. Affected versions of this package are vulnerable to Uncontrolled Recursion. There is a stack consumption vulnerability in the Parser::advanceToNextToken function in parser.cpp in LibSass 3.4.5. A crafted input may lead to remote denial of service. How to fix Uncontrolled Recursion? Upgrade | <4.8.0 |
node-sass is a Node.js bindings package for libsass. Affected versions of this package are vulnerable to NULL Pointer Dereference. In LibSass 3.5.5, a NULL Pointer Dereference in the function How to fix NULL Pointer Dereference? Upgrade | <3.6.0 |
node-sass is a Node.js bindings package for libsass. Affected versions of this package are vulnerable to Out-of-bounds Read. An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function How to fix Out-of-bounds Read? Upgrade | <4.11.0 |
node-sass is a Node.js bindings package for libsass. Affected versions of this package are vulnerable to NULL Pointer Dereference in the function How to fix NULL Pointer Dereference? There is no fixed version for | * |
node-sass is a Node.js bindings package for libsass. Affected versions of this package are vulnerable to Out-of-bounds Read. ]There is a heap-based buffer over-read in the How to fix Out-of-bounds Read? Upgrade | <4.2.0 |
node-sass is a Node.js bindings package for libsass. Affected versions of this package are vulnerable to Out-of-Bounds. A heap-based buffer over-read exists in How to fix Out-of-Bounds? There is no fixed version for | * |