CVE-2018-11697 (High) detected in opennmsopennms-source-26.0.0-1, CSS::Sassv3.4.11

Question

CVE-2018-11697 (High) detected in opennmsopennms-source-26.0.0-1, CSS::Sassv3.4.11

mend-bolt-for-github opened this issue 4 years ago · comments

mend-bolt-for-github commented 4 years ago

CVE-2018-11697 - High Severity Vulnerability

Vulnerable Libraries - opennmsopennms-source-26.0.0-1, CSS::Sassv3.4.11

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11697

CVSS 3 Score Details (8.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11697

Release Date: 2019-09-01

Fix Resolution: LibSass - 3.6.0

Step up your Open Source Security Game with WhiteSource here