Resource exhaustion in node-sass - #VU24239

 


Published: January 14, 2020


Vulnerability identifier: #VU24239
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-400
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: xzyfer
Affected software:
node-sass

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

Crafted objects passed to the renderSync function may trigger C++ assertions in CustomImporterBridge::get_importer_entry and CustomImporterBridge::post_process_return_value that crash the Node process. An attacker who can supply such objects can therefore crash the running Node process, resulting in a denial of service.


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
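In the absence of a fix, an application can type-check what its custom importers hand back before the value reaches the native bridge. The following is an added example, not code from node-sass or from this advisory; the names guardImporter, guardImporters, checkResult and checkEntry are hypothetical. It assumes synchronous importers that return null, an Error, an object with string file/contents fields, or an array of such objects.

```javascript
// Added example (not node-sass code). Assumption: a valid importer result is
// null/undefined, an Error, { file, contents } with string fields, or an array of those.
function isPlainObject(v) {
  if (v === null || typeof v !== 'object') return false;
  const proto = Object.getPrototypeOf(v);
  return proto === Object.prototype || proto === null;
}

// Rebuild one entry from its own string-typed fields; anything else becomes an Error.
function checkEntry(entry) {
  if (entry instanceof Error) return entry;
  if (!isPlainObject(entry)) return new Error('importer entry is not a plain object');
  const clean = {};
  for (const key of ['file', 'contents']) {
    if (!Object.prototype.hasOwnProperty.call(entry, key)) continue;
    const value = entry[key]; // read once, so a getter cannot change type between check and copy
    if (typeof value !== 'string') return new Error(`importer entry "${key}" is not a string`);
    clean[key] = value;
  }
  return Object.keys(clean).length ? clean : new Error('importer entry has neither file nor contents');
}

function checkResult(result) {
  if (result === null || result === undefined) return result;
  return Array.isArray(result) ? result.map(checkEntry) : checkEntry(result);
}

// Wrap a synchronous importer (url, prev) => result so that no unchecked value
// and no exception leaves JavaScript; failures are returned as Error objects.
function guardImporter(importer) {
  if (typeof importer !== 'function') throw new TypeError('importer must be a function');
  return function guarded(url, prev) {
    try {
      return checkResult(importer.call(this, url, prev));
    } catch (err) {
      return err instanceof Error ? err : new Error(String(err));
    }
  };
}

// The importer option may be one function or an array of functions.
function guardImporters(value) {
  return Array.isArray(value) ? value.map(guardImporter) : guardImporter(value);
}
```

The wrapped value is what would be passed as the importer option to renderSync; option objects built from untrusted input should not be forwarded to renderSync at all.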
