[Snyk: High] Uncontrolled Recursion node-sass (Due 3/28/2022) #660

patphongs · 2022-01-27T17:29:55Z

Vulnerable module: node-sass
Introduced through: node-sass@7.0.1

Detailed paths
Introduced through: node-sass@7.0.1

Overview
node-sass is a Node.js bindings package for libsass.

Affected versions of this package are vulnerable to Uncontrolled Recursion via Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp. Note: node-sass is affected by this vulnerability due to its bundled usage of the libsass package.

pkfec · 2022-02-24T16:07:59Z

node-sass is not vulnerable package anymore here:https://app.snyk.io/org/fecgov/project/5e01de94-91bc-43d8-90b1-8843384b4b26

node-sass package is moved to dev dependencies list in a recent pr# #663.

patphongs added the Security: moderate Remediate within 60 days label Jan 27, 2022

patphongs added this to the Sprint 17.4 milestone Jan 27, 2022

patphongs mentioned this issue Jan 27, 2022

Check logs Sprint 17.1 week2 (01/26/2022) fecgov/openFEC#5020

Closed

1 task

JonellaCulmer assigned pkfec Feb 24, 2022

JonellaCulmer modified the milestones: Sprint 17.4, Sprint 17.3 Feb 24, 2022

pkfec closed this as completed Feb 24, 2022

patphongs mentioned this issue Feb 29, 2024

Epic: Stability and reliability fecgov/fec-epics#137

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk: High] Uncontrolled Recursion node-sass (Due 3/28/2022) #660

[Snyk: High] Uncontrolled Recursion node-sass (Due 3/28/2022) #660

patphongs commented Jan 27, 2022

pkfec commented Feb 24, 2022

[Snyk: High] Uncontrolled Recursion node-sass (Due 3/28/2022) #660

[Snyk: High] Uncontrolled Recursion node-sass (Due 3/28/2022) #660

Comments

patphongs commented Jan 27, 2022

pkfec commented Feb 24, 2022