This repository has been archived by the owner on Jul 24, 2024. It is now read-only.

Prototype Pollution #2463

Closed
LucasBrazi06 opened this issue Jul 25, 2018 · 2 comments

LucasBrazi06 commented Jul 25, 2018

Prototype Pollution

Issue Details

  • Vulnerability: Prototype Pollution
  • Severity: Medium

Issue Description

hoek is vulnerable to prototype pollution attacks. Attackers can add or modify existing properties relating to an Object by using the utilities function to change the prototype of said Object. Using this flaw, attackers can trigger denial of service (DoS) attacks and in some situations remote code execution (RCE) attacks.

node-sass 4.9.2 > node-gyp 3.7.0 > request 2.81.0 > hawk 3.1.3

Issue solution

This issue was fixed in version 4.2.1 of hoek. That version is currently considered safe; we suggest that you upgrade to the fixed version.

xzyfer (Contributor) commented Jul 25, 2018

Duplicate of more issues than I can count. Please search before opening new issues.

xzyfer closed this as completed Jul 25, 2018

LucasBrazi06 (Author) commented Jul 25, 2018

I searched and the issue still persists in node-sass 4.9.2!
But I just found this one, #2111, which has a common root, 'node-gyp 3.7.0', and could solve this one too.
Thanks and sorry for bothering you!

jiongle1 pushed a commit to scantist-ossops-m2/node-sass that referenced this issue Apr 7, 2024