Known Vulnerabilities for products from Sass-lang
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Sass-lang".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-43358 json | Stack overflow vulnerability in ast_selectors.cpp: in function Sass::ComplexSelector::has_placeholder in libsass:3.6.5-8-g210... | 7.5 - HIGH | 2023-08-22 | 2023-08-30 |
| CVE-2022-43357 json | Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-... | 7.5 - HIGH | 2023-08-22 | 2023-08-31 |
| CVE-2022-26592 json | Stack Overflow vulnerability in libsass 3.6.5 via the CompoundSelector::has_real_parent_ref function. | 8.8 - HIGH | 2023-08-22 | 2023-08-25 |
| CVE-2020-24025 json | Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying a... | 5.3 - MEDIUM | 2021-01-11 | 2021-01-15 |
| CVE-2019-18799 json | LibSass before 3.6.3 allows a NULL pointer dereference in Sass::Parser::parseCompoundSelector in parser_selectors.cpp. | 6.5 - MEDIUM | 2019-11-06 | 2019-11-08 |
| CVE-2019-18798 json | LibSass before 3.6.3 allows a heap-based buffer over-read in Sass::weaveParents in ast_sel_weave.cpp. | 6.5 - MEDIUM | 2019-11-06 | 2019-11-08 |
| CVE-2019-18797 json | LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp. | 6.5 - MEDIUM | 2019-11-06 | 2019-11-08 |
| CVE-2019-6286 json | In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from S... | 6.5 - MEDIUM | 2019-01-14 | 2019-07-23 |
| CVE-2019-6284 json | In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp. | 6.5 - MEDIUM | 2019-01-14 | 2023-02-28 |
| CVE-2019-6283 json | In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp. | 6.5 - MEDIUM | 2019-01-14 | 2023-02-28 |
| CVE-2018-20822 json | LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast... | 6.5 - MEDIUM | 2019-04-23 | 2023-02-28 |
| CVE-2018-20821 json | The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass:... | 6.5 - MEDIUM | 2019-04-23 | 2023-02-28 |
| CVE-2018-20190 json | In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may... | 6.5 - MEDIUM | 2018-12-17 | 2019-07-23 |
| CVE-2018-19839 json | In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service result... | 6.5 - MEDIUM | 2018-12-04 | 2019-07-23 |
| CVE-2018-19838 json | In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-o... | 6.5 - MEDIUM | 2018-12-04 | 2019-07-23 |
| CVE-2018-19837 json | In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Expression*) inside eval.cpp allows attackers to cause a denia... | 6.5 - MEDIUM | 2018-12-04 | 2019-07-23 |
| CVE-2018-19827 json | In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may c... | 8.8 - HIGH | 2018-12-03 | 2019-07-23 |
| CVE-2018-19826 json | ** DISPUTED ** In inspect.cpp in LibSass 3.5.5, a high memory footprint caused by an endless loop (containing a Sass::Inspect... | 6.5 - MEDIUM | 2018-12-03 | 2023-11-07 |
| CVE-2018-19797 json | In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ... | 6.5 - MEDIUM | 2018-12-03 | 2019-07-23 |
| CVE-2018-19219 json | In LibSass 3.5-stable, there is an illegal address access at Sass::Eval::operator that will lead to a DoS attack. | 6.5 - MEDIUM | 2018-11-12 | 2020-08-24 |