GHSA-6v6p-g8cg-2hgg
Suggest an improvement- Source
- https://github.com/advisories/GHSA-6v6p-g8cg-2hgg
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-6v6p-g8cg-2hgg/GHSA-6v6p-g8cg-2hgg.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-6v6p-g8cg-2hgg
- Published
- 2022-04-01T12:56:28Z
- Modified
- 2024-12-05T05:39:36.659473Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- Summary
- Improper Certificate Validation in node-sass affects eZ Platform
- Details
-
Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path. This affects eZ Platform v2.5 only. The maintainers resolved it by replacing node-sass 4.11 with sass 1.32.13. This issue also affects ezsystems/ezplatform and ezsystems/ezplatform-page-builder.
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-295" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2022-04-01T12:56:28Z" }- References
-
- https://github.com/ezsystems/ezplatform-admin-ui/security/advisories/GHSA-6v6p-g8cg-2hgg
- https://nvd.nist.gov/vuln/detail/CVE-2020-24025
- https://developers.ibexa.co/security-advisories/ibexa-sa-2022-002-vulnerability-in-node-sass
- https://github.com/advisories/GHSA-r8f7-9pfq-mjmv
- https://github.com/ezsystems/ezplatform-admin-ui
- https://github.com/ezsystems/ezplatform-admin-ui/releases/tag/v1.5.27
Affected packages
Packagist / ezsystems/ezplatform-admin-ui
Package
- Name
- ezsystems/ezplatform-admin-ui
- Purl
- pkg:composer/ezsystems/ezplatform-admin-ui