207 matches found
GHSA-6V6P-G8CG-2HGG Improper Certificate Validation in node-sass affects eZ Platform
Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path. This affects eZ Platform v2.5 only. The maintainers resolved it by replacing node-sass 4.11 with sass 1.32.13. This issue also affects...
Improper Certificate Validation in node-sass affects eZ Platform
Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path. This affects eZ Platform v2.5 only. The maintainers resolved it by replacing node-sass 4.11 with sass 1.32.13. This issue also affects...
GHSA-R8F7-9PFQ-MJMV Improper Certificate Validation in node-sass
Certificate validation in node-sass 2.0.0 to 6.0.1 is disabled when requesting binaries even if the user is not specifying an alternative download path...
-tompan-reacttemplate (>=1.0.1 <=1.1.0), 08cms (=1.0.0) +17713 more potentially affected by CVE-2020-24025 via node-sass (>=2.0.0 <=6.0.1)
node-sass NPM version =2.0.0, =1.0.1, =1.0.4, =1.0.3, =0.2.0, =0.0.1, =0.1.0, =0.1.0, =0.1.276 - 5coder-pages =0.2.0 and more Source cves: CVE-2020-24025 Source advisory: OSV:GHSA-R8F7-9PFQ-MJMV...
Improper Certificate Validation in node-sass
Certificate validation in node-sass 2.0.0 to 6.0.1 is disabled when requesting binaries even if the user is not specifying an alternative download path...
CVE-2020-24025
A flaw was found in nodejs-node-sass. Certificate validation is disabled when requesting binaries even if the user is not specifying an alternative download path...
Man-in-the-Middle (MitM)
node-sass is vulnerable to a man-in-the-middle attack. The certificate validation when requesting binaries is disabled even if the user does not specify an alternative download path. This allows for a man-in-the-middle attacker to intercept and modify network traffic, and potentially introduce...
AZL-27653 CVE-2020-24025 affecting package reaper for versions less than 3.1.1-9
Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path...
CVE-2020-24025
Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path...
CVE-2020-24025
Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path...
DEBIAN-CVE-2020-24025
Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path...
UBUNTU-CVE-2020-24025
Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path...
CVE-2020-24025
Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path...
CVE-2020-24025
Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path...
CVE-2020-24025
Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path...
CVE-2020-24025
CVE-2020-24025 affects node-sass versions from 2.0.0 through 4.14.1, where certificate validation is disabled when requesting binaries, even if no alternative download path is specified. This can enable TLS validation bypass when fetching binaries. The description does not specify affected OSes o...
Sass Node-sass Trust Management Issues Vulnerability
Sass Node-sass is a C++-based codebase from the Gogo Sass team that supports Node interaction with LibSass. A security vulnerability exists in node-sass 2.0.0 to 4.14.1, which stems from certificate validation being disabled...
GHSA-9V62-24CR-58CX Denial of Service in node-sass
Affected versions of node-sass are vulnerable to Denial of Service (DoS). Crafted objects passed to the renderSync function may trigger C++ assertions in CustomImporterBridge::getimporterentry and CustomImporterBridge::postprocessreturnvalue that crash the Node process. This may allow attackers to...
@104corp/espack (>=1.0.0 <=1.0.0-alpha.11), @14four/falcon (>=0.1.0 <=0.1.9) +637 more potentially affected by unknown CVE via node-sass (>=3.3.0 <=4.13.0)
node-sass NPM version =3.3.0, =1.0.0, =0.1.0, =1.0.0, =0.6.2, =0.0.1, =0.11.0, =0.0.15, =0.1.0, =0.1.0, =0.0.4, =2.0.0-0, =2.0.0-0, =1.0.16, =0.0.55-alpha.13, =0.0.55-alpha.14 and more Source cves: unknown CVE Source advisory: OSV:GHSA-9V62-24CR-58CX...
Denial of Service in node-sass
Affected versions of node-sass are vulnerable to Denial of Service (DoS). Crafted objects passed to the renderSync function may trigger C++ assertions in CustomImporterBridge::getimporterentry and CustomImporterBridge::postprocessreturnvalue that crash the Node process. This may allow attackers to...