compile-sass is vulnerable to OS command injection. Lack of validation and sanitization allows an attacker to inject and execute arbitrary OS commands within the `rm` command in the function `setupCleanupOnExit(cssPath)` in `dist/index.js`.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | compile-sass | le | 1.0.4 |
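
The class of bug described above, shown next to a hardened cleanup routine. This is an added example, not compile-sass code: the function names `unsafeCleanupCommand`, `safeCleanup` and `demo`, the `allowedRoot` parameter, and the sample path are hypothetical, and the containment check is an assumption about what a cleanup routine should permit.

```javascript
// Added example, not the project's code. All names and paths are hypothetical.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Vulnerable pattern: the path is concatenated into a string that a shell will
// parse. The string is returned, not executed, so the parsing can be inspected.
function unsafeCleanupCommand(cssPath) {
  return 'rm -r ' + cssPath;
}

// Hardened pattern: no shell is involved, so metacharacters are plain filename
// bytes. The target must also resolve to a location strictly inside allowedRoot.
function safeCleanup(cssPath, allowedRoot) {
  const root = fs.realpathSync(allowedRoot);
  const target = path.resolve(root, cssPath);
  if (target === root || !target.startsWith(root + path.sep)) {
    throw new Error('refusing to remove path outside ' + root);
  }
  fs.rmSync(target, { recursive: true, force: true });
  return target;
}

// Runs both patterns against a constructed value inside a throwaway temp dir.
function demo() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'css-cleanup-'));
  const hostile = 'out; touch marker'; // constructed sample input
  fs.mkdirSync(path.join(root, hostile)); // a directory with that literal name
  const result = {
    // A shell would split this at ';' and run a second command.
    unsafeString: unsafeCleanupCommand(hostile),
    removed: path.basename(safeCleanup(hostile, root)),
    remaining: fs.readdirSync(root), // expected to be empty afterwards
    escapeRejected: false,
  };
  try {
    safeCleanup(path.join('..', 'elsewhere'), root);
  } catch (err) {
    result.escapeRejected = true; // traversal out of root is refused
  }
  fs.rmSync(root, { recursive: true, force: true });
  return result;
}
```

When an external program is unavoidable, the same property comes from `child_process.execFile` with an argument array and a `--` separator before the path, rather than a command string handed to a shell.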