You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jul 24, 2024. It is now read-only.
npm node-sass versions (npm ls node-sass): -- node-sass@4.12.0
### Vulnerability details:
Name: CVE-2018-11499 Description: A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact. Publish date: 2018-05-26 URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11499
Can anyone plz resolve this issue and publish is new node-sass version containing upgraded package of Libsass i.e. greater than or equals to 3.5.5.?
Regards,
Joginder
The text was updated successfully, but these errors were encountered:
Hi Node-Sass team,
Whitesource (Opensource) scan detected security vulnerability on Libsass < 3.5.5 which is being pushed by node-sass v4.12.0. Here are the details:
npm -v
): 5.6.0node -v
): 8.9.4node -p process.versions
):{ http_parser: '2.7.0', node: '8.9.4', v8: '6.1.534.50',uv: '1.15.0', zlib: '1.2.11', ares: '1.10.1-DEV', modules: '57', nghttp2: '1.25.0', openssl: '1.0.2n', icu: '59.1', unicode: '9.0', cldr: '31.0.1', tz: '2017b' }
node -p process.platform
): win32 (dev), linux (prod)node -p process.arch
): x64node -p "require('node-sass').info"
):node-sass 4.12.0 (Wrapper) [JavaScript]
libsass 3.5.4 (Sass Compiler) [C/C++]
npm ls node-sass
): -- node-sass@4.12.0### Vulnerability details:
Name: CVE-2018-11499
Description: A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.
Publish date: 2018-05-26
URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11499
Can anyone plz resolve this issue and publish is new node-sass version containing upgraded package of Libsass i.e. greater than or equals to 3.5.5.?
Regards,
Joginder
The text was updated successfully, but these errors were encountered: