3 matches found
CVE-2019-10799
compile-sass prior to 1.0.5 allows execution of arbritary commands. The function "setupCleanupOnExitcssPath" within "dist/index.js" is executed as part of the "rm" command without any sanitization...
@codinger/build-helper (=1.0.2-rc.1), @onepointfour-npm/pollyfiller (>=1.0.10 <=1.2.3) potentially affected by CVE-2019-10799 via compile-sass (=0.1.4)
compile-sass NPM version =0.1.4 is affected by a known vulnerability. The following packages have a transitive dependency on compile-sass and may be impacted: - @codinger/build-helper =1.0.2-rc.1 - @onepointfour-npm/pollyfiller =1.0.10, =1.2.3 Source cves: CVE-2019-10799 Source advisory:...
CVE-2019-10799
CVE-2019-10799 affects the compile-sass module prior to version 1.0.5. The root cause is a lack of sanitization in the function setupCleanupOnExit(cssPath) within dist/index.js, which is invoked as part of the rm command, enabling execution of arbitrary commands. The vulnerability allows potentia...