Libsass Security Vulnerabilities and Issues — Libsass CVE List

Lucene search

Sass-langLibsass

8 matches found

CVE•added 2019/04/23 2:29 p.m.•143 views

CVE-2018-20821

The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).

6.5CVSS6.3AI score0.01076EPSS

CVE•added 2019/01/14 10:29 p.m.•136 views

CVE-2019-6286

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693.

6.5CVSS6.9AI score0.00398EPSS

CVE•added 2019/04/23 2:29 p.m.•131 views

CVE-2018-20822

LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp).

6.5CVSS6.3AI score0.00521EPSS

CVE•added 2019/01/14 10:29 p.m.•126 views

CVE-2019-6284

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp.

6.5CVSS6.5AI score0.00223EPSS

CVE•added 2019/01/14 10:29 p.m.•123 views

CVE-2019-6283

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.

6.5CVSS6.5AI score0.00394EPSS

CVE•added 2019/11/06 4:15 p.m.•48 views

CVE-2019-18797

LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp.

6.5CVSS6.3AI score0.00276EPSS

CVE•added 2019/11/06 4:15 p.m.•47 views

CVE-2019-18799

LibSass before 3.6.3 allows a NULL pointer dereference in Sass::Parser::parseCompoundSelector in parser_selectors.cpp.

6.5CVSS6.5AI score0.00434EPSS

CVE•added 2019/11/06 4:15 p.m.•45 views

CVE-2019-18798

LibSass before 3.6.3 allows a heap-based buffer over-read in Sass::weaveParents in ast_sel_weave.cpp.

6.5CVSS6.7AI score0.00433EPSS