CVE-2022-26592 (High) detected in node-sassv4.13.1 #311

mend-for-github-com · 2024-03-03T18:46:44Z

CVE-2022-26592 - High Severity Vulnerability

Vulnerable Library - node-sassv4.13.1

🌈 Node.js bindings to libsass

Found in base branch: master

Vulnerable Source Files (1)

/packages/react-server-examples/meteor-site/node_modules/node-sass/src/libsass/src/inspect.cpp

Vulnerability Details

Stack Overflow vulnerability in libsass 3.6.5 via the CompoundSelector::has_real_parent_ref function.

Publish Date: 2023-08-22

CVSS 3 Score Details (8.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

mend-for-github-com bot added the Mend: dependency security vulnerability Security vulnerability detected by WhiteSource label Mar 3, 2024