This repository has been archived by the owner on Jul 24, 2024. It is now read-only.

Node SASS security vulnerability in hoek dependency #2262

Closed
benjarwar opened this issue Feb 28, 2018 · 1 comment

@benjarwar

Node Security Platform is reporting a vulnerability in [email protected], which is required through several dependencies by Node SASS.

To reproduce:

npm install -g nsp 
npm install --save node-sass
nsp check

Output:

┌────────────┬────────────────────────────────────────────────────────────────────┐
│            │ Prototype pollution attack                                         │
├────────────┼────────────────────────────────────────────────────────────────────┤
│ Name       │ hoek                                                               │
├────────────┼────────────────────────────────────────────────────────────────────┤
│ CVSS       │ 4 (Medium)                                                         │
├────────────┼────────────────────────────────────────────────────────────────────┤
│ Installed  │ 2.16.3                                                             │
├────────────┼────────────────────────────────────────────────────────────────────┤
│ Vulnerable │ <= 4.2.0 || >= 5.0.0 < 5.0.3                                       │
├────────────┼────────────────────────────────────────────────────────────────────┤
│ Patched    │ > 4.2.0 < 5.0.0 || >= 5.0.3                                        │
├────────────┼────────────────────────────────────────────────────────────────────┤
│ Path       │ [email protected] > [email protected] > [email protected] > [email protected] >     │
│            │ [email protected]                                                        │
├────────────┼────────────────────────────────────────────────────────────────────┤
│ More Info  │ https://nodesecurity.io/advisories/566                             │
└────────────┴────────────────────────────────────────────────────────────────────┘
  • NPM version: 5.6.0
  • Node version: v8.9.4
  • Node Process:
{
  http_parser: '2.7.0',
  node: '8.9.4',
  v8: '6.1.534.50',
  uv: '1.15.0',
  zlib: '1.2.11',
  ares: '1.10.1-DEV',
  modules: '57',
  nghttp2: '1.25.0',
  openssl: '1.0.2n',
  icu: '59.1',
  unicode: '9.0',
  cldr: '31.0.1',
  tz: '2017b'
}
  • Node Platform : darwin
  • Node architecture: x64
  • node-sass version:
node-sass	4.7.2	(Wrapper)	[JavaScript]
libsass  	3.5.0.beta.2	(Sass Compiler)	[C/C++]
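
Added example, not part of the original issue and not code from node-sass or nsp: a dependency-free Node.js check that applies the advisory's vulnerable range reported above (`<= 4.2.0 || >= 5.0.0 < 5.0.3`) to every hoek entry in an npm 5 lockfile tree (lockfileVersion 1). The sample lockfile is constructed, `pkg-a` and `pkg-b` are hypothetical package names, and versions are assumed to be plain x.y.z.

```javascript
// Added example: flag hoek versions inside the advisory's vulnerable range
// ("<= 4.2.0 || >= 5.0.0 < 5.0.3") in an npm 5 lockfile (lockfileVersion 1) tree.

// Compare two plain x.y.z versions; prerelease tags are not handled (assumption).
function cmp(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// True when the version falls in the range the advisory lists as vulnerable.
function isVulnerableHoek(v) {
  return cmp(v, '4.2.0') <= 0 || (cmp(v, '5.0.0') >= 0 && cmp(v, '5.0.3') < 0);
}

// Walk nested "dependencies" and return every install location of a vulnerable hoek.
function findVulnerableHoek(lock, trail = []) {
  const hits = [];
  for (const [name, info] of Object.entries(lock.dependencies || {})) {
    const here = [...trail, `${name}@${info.version}`];
    if (name === 'hoek' && isVulnerableHoek(info.version)) hits.push(here.join(' > '));
    hits.push(...findVulnerableHoek(info, here));
  }
  return hits;
}

// Constructed sample lockfile; "pkg-a" and "pkg-b" are hypothetical package names.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    'pkg-a': { version: '1.0.0', dependencies: { hoek: { version: '2.16.3' } } },
    'pkg-b': { version: '3.1.0', dependencies: { hoek: { version: '4.2.1' } } },
    hoek: { version: '5.0.2' },
  },
};

console.log(findVulnerableHoek(sampleLock));
```

The trail printed here is the install nesting recorded in the lockfile, which can differ from the logical dependency chain that nsp prints under "Path".
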
@nschonni
Contributor

Duplicate of #2252
