node-sass is a Node.js bindings package for libsass.
Affected versions of this package are vulnerable to Out-of-bounds Read. An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function
Sass::Prelexer::skip_over_scopes which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
node-sass is affected by this vulnerability due to its bundled usage of
node-sass to version 4.11.0 or higher.