Affected versions of
node-sass are vulnerable to Denial of Service (DoS). Crafted objects passed to the
renderSync function may trigger C++ assertions in
CustomImporterBridge::post_process_return_value that crash the Node process. This may allow attackers to crash the system's running Node process and lead to Denial of Service.
Upgrade to version 4.13.1 or later