CVE-2018-20190 Medium Severity Vulnerability detected by WhiteSource
mend-bolt-for-github opened this issue · comments
mend-bolt-for-github commented
CVE-2018-20190 - Medium Severity Vulnerability
Vulnerable Library - libsass3.4.1
A C/C++ implementation of a Sass compiler
Library home page: https://github.com/sass/libsass.git
Library Source Files (72)
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
- /ninjecture/node_modules/node-sass/src/libsass/src/to_value.hpp
- /ninjecture/node_modules/node-sass/src/libsass/src/source_map.cpp
- /ninjecture/node_modules/node-sass/src/libsass/src/constants.hpp
- /ninjecture/node_modules/node-sass/src/libsass/src/to_c.hpp
- /ninjecture/node_modules/node-sass/src/libsass/src/memory_manager.hpp
- /ninjecture/node_modules/node-sass/src/libsass/src/node.hpp
- /ninjecture/node_modules/node-sass/src/libsass/src/sass_context.cpp
- /ninjecture/node_modules/node-sass/src/libsass/src/expand.cpp
- /ninjecture/node_modules/node-sass/src/libsass/src/listize.cpp
- /ninjecture/node_modules/node-sass/src/libsass/src/output.cpp
- /ninjecture/node_modules/node-sass/src/libsass/src/parser.cpp
- /ninjecture/node_modules/node-sass/src/libsass/src/values.cpp
- /ninjecture/node_modules/node-sass/src/libsass/src/emitter.cpp
- /ninjecture/node_modules/node-sass/src/libsass/src/debugger.hpp
- /ninjecture/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
- /ninjecture/node_modules/node-sass/src/libsass/src/units.hpp
- /ninjecture/node_modules/node-sass/src/libsass/src/util.hpp
- /ninjecture/node_modules/node-sass/src/libsass/src/cssize.cpp
- /ninjecture/node_modules/node-sass/src/libsass/src/sass_util.hpp
- /ninjecture/node_modules/node-sass/src/libsass/src/error_handling.cpp
- /ninjecture/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
- /ninjecture/node_modules/node-sass/src/libsass/src/emitter.hpp
- /ninjecture/node_modules/node-sass/src/libsass/src/eval.hpp
- /ninjecture/node_modules/node-sass/src/libsass/src/sass2scss.cpp
- /ninjecture/node_modules/node-sass/src/libsass/src/functions.hpp
- /ninjecture/node_modules/node-sass/src/libsass/src/functions.cpp
- /ninjecture/node_modules/node-sass/src/libsass/src/listize.hpp
- /ninjecture/node_modules/node-sass/src/libsass/src/ast.cpp
- /ninjecture/node_modules/node-sass/src/libsass/src/units.cpp
- /ninjecture/node_modules/node-sass/src/libsass/src/ast_factory.hpp
- /ninjecture/node_modules/node-sass/src/libsass/src/ast.hpp
- /ninjecture/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
- /ninjecture/node_modules/node-sass/src/libsass/src/memory_manager.cpp
- /ninjecture/node_modules/node-sass/src/libsass/src/lexer.cpp
- /ninjecture/node_modules/node-sass/src/libsass/src/sass_values.cpp
- /ninjecture/node_modules/node-sass/src/libsass/src/constants.cpp
- /ninjecture/node_modules/node-sass/src/libsass/src/to_c.cpp
- /ninjecture/node_modules/node-sass/src/libsass/src/to_value.cpp
- /ninjecture/node_modules/node-sass/src/libsass/src/cssize.hpp
- /ninjecture/node_modules/node-sass/src/libsass/src/environment.cpp
- /ninjecture/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
- /ninjecture/node_modules/node-sass/src/libsass/src/util.cpp
- /ninjecture/node_modules/node-sass/src/libsass/src/eval.cpp
- /ninjecture/node_modules/node-sass/src/libsass/src/sass_context.hpp
- /ninjecture/node_modules/node-sass/src/libsass/src/subset_map.hpp
- /ninjecture/node_modules/node-sass/src/libsass/include/sass/base.h
- /ninjecture/node_modules/node-sass/src/libsass/src/output.hpp
- /ninjecture/node_modules/node-sass/src/libsass/src/operation.hpp
- /ninjecture/node_modules/node-sass/src/libsass/src/inspect.hpp
- /ninjecture/node_modules/node-sass/src/libsass/src/sass.cpp
- /ninjecture/node_modules/node-sass/src/libsass/src/file.hpp
- /ninjecture/node_modules/node-sass/src/libsass/include/sass/values.h
- /ninjecture/node_modules/node-sass/src/libsass/src/error_handling.hpp
- /ninjecture/node_modules/node-sass/src/libsass/src/source_map.hpp
- /ninjecture/node_modules/node-sass/src/libsass/include/sass2scss.h
- /ninjecture/node_modules/node-sass/src/libsass/src/sass.hpp
- /ninjecture/node_modules/node-sass/src/libsass/src/extend.hpp
- /ninjecture/node_modules/node-sass/src/libsass/src/file.cpp
- /ninjecture/node_modules/node-sass/src/libsass/src/node.cpp
- /ninjecture/node_modules/node-sass/src/libsass/src/expand.hpp
- /ninjecture/node_modules/node-sass/src/libsass/src/context.cpp
- /ninjecture/node_modules/node-sass/src/libsass/src/environment.hpp
- /ninjecture/node_modules/node-sass/src/libsass/include/sass/context.h
- /ninjecture/node_modules/node-sass/src/libsass/src/prelexer.cpp
- /ninjecture/node_modules/node-sass/src/libsass/src/inspect.cpp
- /ninjecture/node_modules/node-sass/src/libsass/src/color_maps.cpp
- /ninjecture/node_modules/node-sass/src/libsass/src/json.cpp
- /ninjecture/node_modules/node-sass/src/libsass/src/context.hpp
- /ninjecture/node_modules/node-sass/src/libsass/src/parser.hpp
- /ninjecture/node_modules/node-sass/src/libsass/src/extend.cpp
- /ninjecture/node_modules/node-sass/src/libsass/src/color_maps.hpp
- /ninjecture/node_modules/node-sass/src/libsass/src/bind.cpp
Vulnerability Details
In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file.
Publish Date: 2018-12-17
URL: CVE-2018-20190
CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Step up your Open Source Security Game with WhiteSource here