This repository has been archived by the owner on Jul 24, 2024. It is now read-only.

libsass-3.5.2 Vulnerability #2838

Closed
karthiRajendran opened this issue Jan 31, 2020 · 1 comment

Comments

karthiRajendran commented Jan 31, 2020

Unable to update the LibSass version to '3.5.5' in node-sass. In 'node-sass-4.13.1' the libsass available is 'libsass-3.5.4'. Below I mention the WhiteSource Bolt Build Report detail.

libsass version

Vulnerability : CVE-2018-11697
Description:
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
Fix: Upgrade to version LibSass - 3.5.5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11693

@nschonni
Contributor

Node Sass is actually using 3.5.5; it is just a glitch in the printing from the command line, being addressed in #2769
