Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sass-lang vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2019-18798
LibSass prior to 3.6.3 allows a heap-based buffer over-read in Sass::weaveParents in ast_sel_weave.cpp.
Sass-lang Libsass
383
VMScore
CVE-2019-18799
LibSass prior to 3.6.3 allows a NULL pointer dereference in Sass::Parser::parseCompoundSelector in parser_selectors.cpp.
Sass-lang Libsass
668
VMScore
CVE-2018-11499
A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x up to and including 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.
Sass-lang Libsass
383
VMScore
CVE-2018-19839
In LibSass before 3.5.5, the function handle_error in sass_context.cpp allows malicious users to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file.
Sass-lang Libsass
384
VMScore
CVE-2018-20821
The parsing component in LibSass up to and including 3.5.5 allows malicious users to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).
Sass-lang Libsass
383
VMScore
CVE-2018-20190
In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file.
Sass-lang Libsass 3.5.5
383
VMScore
CVE-2019-6283
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.
Sass-lang Libsass 3.5.5
383
VMScore
CVE-2019-6284
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp.
Sass-lang Libsass 3.5.5
383
VMScore
CVE-2019-6286
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693.
Sass-lang Libsass 3.5.5
445
VMScore
CVE-2020-24025
Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path.
Sass-lang Node-sass
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »