org.webjars.npm:node-sass@4.12.0 vulnerabilities

latest version

9.0.0
first published

9 years ago
latest version published

4 months ago
licenses detected
- MIT
  [3.1.1,)
package manager

View on Maven Repository

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.webjars.npm:node-sass package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Buffer Overflow org.webjars.npm:node-sass is a Node.js bindings to libsass. Affected versions of this package are vulnerable to Buffer Overflow via the `CompoundSelector::has_real_parent_ref` function. How to fix Buffer Overflow? There is no fixed version for `org.webjars.npm:node-sass`.	[0,)
M Denial of Service (DoS) org.webjars.npm:node-sass is a Node.js bindings to libsass. Affected versions of this package are vulnerable to Denial of Service (DoS) via the `Sass::ComplexSelector::has_placeholder` function, due to a possible stack overflow. How to fix Denial of Service (DoS)? There is no fixed version for `org.webjars.npm:node-sass`.	[0,)
H Denial of Service (DoS) org.webjars.npm:node-sass is a Node.js bindings to libsass. Affected versions of this package are vulnerable to Denial of Service (DoS) when executing the 'Sass::CompoundSelector::has_real_parent_ref' function in 'ast_selectors.cpp', which could lead to a stack overflow. How to fix Denial of Service (DoS)? There is no fixed version for `org.webjars.npm:node-sass`.	[0,)
M Improper Certificate Validation org.webjars.npm:node-sass is a Node.js bindings to libsass. Affected versions of this package are vulnerable to Improper Certificate Validation. Certificate validation is disabled by default when requesting binaries, even if the user is not specifying an alternative download path. How to fix Improper Certificate Validation? There is no fixed version for `org.webjars.npm:node-sass`.	[0,)
M Denial of Service (DoS) org.webjars.npm:node-sass is a Node.js bindings to libsass. Affected versions of this package are vulnerable to Denial of Service (DoS). Crafted objects passed to the `renderSync` function may trigger C++ assertions in `CustomImporterBridge::get_importer_entry` and `CustomImporterBridge::post_process_return_value` that crash the Node process. This may allow attackers to crash the system's running Node process and lead to Denial of Service. How to fix Denial of Service (DoS)? Upgrade `org.webjars.npm:node-sass` to version 4.14.1 or higher.	[,4.14.1)
H NULL Pointer Dereference org.webjars.npm:node-sass is a Node.js bindings to libsass. Affected versions of this package are vulnerable to NULL Pointer Dereference via the function `Sass::Expand::operator` which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact. Note: `node-sass` is affected by this vulnerability due to its bundled usage of the `libsass` package. How to fix NULL Pointer Dereference? Upgrade `org.webjars.npm:node-sass` to version 4.14.1 or higher.	[,4.14.1)
H Out-of-bounds Read org.webjars.npm:node-sass is a Node.js bindings to libsass. Affected versions of this package are vulnerable to Out-of-bounds Read via the function `Sass::Prelexer::exactly()` which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service. Note: `node-sass` is affected by this vulnerability due to its bundled usage of the `libsass` package. How to fix Out-of-bounds Read? Upgrade `org.webjars.npm:node-sass` to version 4.14.1 or higher.	[,4.14.1)
M Out-of-bounds Read org.webjars.npm:node-sass is a Node.js bindings to libsass. Affected versions of this package are vulnerable to Out-of-bounds Read via `Sass::weaveParents` in `ast_sel_weave.cpp`. Note: `node-sass` is affected by this vulnerability due to its bundled usage of the `libsass` package. How to fix Out-of-bounds Read? There is no fixed version for `org.webjars.npm:node-sass`.	[0,)
M Uncontrolled Recursion org.webjars.npm:node-sass is a Node.js bindings to libsass. Affected versions of this package are vulnerable to Uncontrolled Recursion via `Sass::Eval::operator()(Sass::Binary_Expression*)` in `eval.cpp`. Note: `node-sass` is affected by this vulnerability due to its bundled usage of the `libsass` package. How to fix Uncontrolled Recursion? There is no fixed version for `org.webjars.npm:node-sass`.	[0,)
M Out-of-bounds Read org.webjars.npm:node-sass is a Node.js bindings to libsass. Affected versions of this package are vulnerable to Out-of-bounds Read via `Sass::Prelexer::skip_over_scopes` in `prelexer.hpp` when called from `Sass::Parser::parse_import()`, a similar issue to CVE-2018-11693. Note: `node-sass` is affected by this vulnerability due to its bundled usage of the `libsass` package. How to fix Out-of-bounds Read? Upgrade `org.webjars.npm:node-sass` to version 4.14.1 or higher.	[,4.14.1)
M NULL Pointer Dereference org.webjars.npm:node-sass is a Node.js bindings to libsass. Affected versions of this package are vulnerable to NULL Pointer Dereference via `Sass::Parser::parseCompoundSelector`in `parser_selectors.cpp`. Note: `node-sass` is affected by this vulnerability due to its bundled usage of the `libsass` package. How to fix NULL Pointer Dereference? There is no fixed version for `org.webjars.npm:node-sass`.	[0,)
M NULL Pointer Dereference org.webjars.npm:node-sass is a Node.js bindings to libsass. Affected versions of this package are vulnerable to NULL Pointer Dereference. The function `Sass::Selector_List::populate_extends` in `SharedPtr.hpp` (used by `ast.cpp` and `ast_selectors.cpp`) may cause a Denial of Service (application crash) via a crafted sass input file. Note: `node-sass` is affected by this vulnerability due to its bundled usage of the `libsass` package. How to fix NULL Pointer Dereference? Upgrade `org.webjars.npm:node-sass` to version 4.14.1 or higher.	[,4.14.1)
H Out-of-bounds Read org.webjars.npm:node-sass is a Node.js bindings to libsass. Affected versions of this package are vulnerable to Out-of-bounds Read via the function `Sass::handle_error` which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service. Note: `node-sass` is affected by this vulnerability due to its bundled usage of the `libsass` package. How to fix Out-of-bounds Read? Upgrade `org.webjars.npm:node-sass` to version 4.14.1 or higher.	[,4.14.1)
M Out-of-Bounds org.webjars.npm:node-sass is a Node.js bindings to libsass. Affected versions of this package are vulnerable to Out-of-Bounds via `Sass::Prelexer::alternatives` in `prelexer.hpp`. Note: `node-sass` is affected by this vulnerability due to its bundled usage of the `libsass` package. How to fix Out-of-Bounds? There is no fixed version for `org.webjars.npm:node-sass`.	[0,)
H Use After Free org.webjars.npm:node-sass is a Node.js bindings to libsass. Affected versions of this package are vulnerable to Use After Free via the `SharedPtr` class in `SharedPtr.cpp` (or `SharedPtr.hpp`) that may cause a denial of service (application crash) or possibly have unspecified other impact. Note: `node-sass` is affected by this vulnerability due to its bundled usage of the `libsass` package. How to fix Use After Free? There is no fixed version for `org.webjars.npm:node-sass`.	[0,)
M Out-of-bounds Read org.webjars.npm:node-sass is a Node.js bindings to libsass. Affected versions of this package are vulnerable to Out-of-bounds Read. The function `handle_error` in `sass_context.cpp` allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file. Note: `node-sass` is affected by this vulnerability due to its bundled usage of the `libsass` package. How to fix Out-of-bounds Read? There is no fixed version for `org.webjars.npm:node-sass`.	[0,)
M Denial of Service (DoS) org.webjars.npm:node-sass is a Node.js bindings to libsass. Affected versions of this package are vulnerable to Denial of Service (DoS). Uncontrolled recursion is possible in `Sass::Complex_Selector::perform` in `ast.hpp` and `Sass::Inspect::operator` in `inspect.cpp`. Note: `node-sass` is affected by this vulnerability due to its bundled usage of the `libsass` package. How to fix Denial of Service (DoS)? There is no fixed version for `org.webjars.npm:node-sass`.	[0,)
M Denial of Service (DoS) org.webjars.npm:node-sass is a Node.js bindings to libsass. Affected versions of this package are vulnerable to Denial of Service (DoS). The parsing component allows attackers to cause uncontrolled recursion in `Sass::Parser::parse_css_variable_value` in parser.cpp. Note: `node-sass` is affected by this vulnerability due to its bundled usage of the `libsass` package. How to fix Denial of Service (DoS)? Upgrade `org.webjars.npm:node-sass` to version 4.14.1 or higher.	[,4.14.1)
M NULL Pointer Dereference org.webjars.npm:node-sass is a Node.js bindings to libsass. Affected versions of this package are vulnerable to NULL Pointer Dereference. In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()``(Sass::Supports_Operator*) in `eval.cpp` may cause a Denial of Service (application crash) via a crafted sass input file. How to fix NULL Pointer Dereference? Upgrade `org.webjars.npm:node-sass` to version 4.14.1 or higher.	[,4.14.1)
H NULL Pointer Dereference org.webjars.npm:node-sass is a Node.js bindings to libsass. Affected versions of this package are vulnerable to NULL Pointer Dereference in the function `Sass::Functions::selector_append` which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact. `node-sass` is affected by this vulnerability due to its bundled usage of `libsass`. How to fix NULL Pointer Dereference? There is no fixed version for `org.webjars.npm:node-sass`.	[0,)
M Out-of-Bounds org.webjars.npm:node-sass is a Node.js bindings to libsass. Affected versions of this package are vulnerable to Out-of-Bounds. A heap-based buffer over-read exists in `Sass::Prelexer::parenthese_scope` in `prelexer.hpp`. `node-sass` is affected by this vulnerability due to its bundled usage of `libsass`. How to fix Out-of-Bounds? There is no fixed version for `org.webjars.npm:node-sass`.	[0,)
C Use After Free org.webjars.npm:node-sass is a Node.js bindings to libsass. Affected versions of this package are vulnerable to Use After Free. A use-after-free vulnerability exists in `handle_error()` in `sass_context.cpp` in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact. `node-sass` is affected by this vulnerability due to its usage of `libsass`. How to fix Use After Free? Upgrade `org.webjars.npm:node-sass` to version 4.14.1 or higher.	[,4.14.1)

Go back to all versions of this package

org.webjars.npm:node-sass@4.12.0 vulnerabilities

latest version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities