Affecting org.webjars.npm:node-sass artifact, versions [,4.4.0)Report new vulnerabilities
org.webjars.npm:node-sass is a Node.js bindings to libsass.
Affected versions of this package are vulnerable to Uncontrolled Recursion.
There is a stack consumption vulnerability in the lex function in
parser.hpp (as used in sassc). A crafted input will lead to a remote denial of service. Note:
node-sass is affected by this vulnerability due to its bundled usage of the
org.webjars.npm:node-sass to version 4.4.0 or higher.