GHSA-r8f7-9pfq-mjmv
Suggest an improvement- Source
- https://github.com/advisories/GHSA-r8f7-9pfq-mjmv
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-r8f7-9pfq-mjmv/GHSA-r8f7-9pfq-mjmv.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-r8f7-9pfq-mjmv
- Aliases
- Published
- 2022-02-09T22:22:24Z
- Modified
- 2023-11-08T04:03:06.466435Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- Summary
- Improper Certificate Validation in node-sass
- Details
-
Certificate validation in node-sass 2.0.0 to 6.0.1 is disabled when requesting binaries even if the user is not specifying an alternative download path.
- Database specific
{ "nvd_published_at": "2021-01-11T19:15:00Z", "severity": "MODERATE", "cwe_ids": [ "CWE-295" ], "github_reviewed": true, "github_reviewed_at": "2021-04-06T22:18:40Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2020-24025
- https://github.com/sass/node-sass/issues/3067
- https://github.com/sass/node-sass/pull/3149
- https://github.com/sass/node-sass/pull/567#issuecomment-656609236
- https://github.com/sass/node-sass/commit/0a21792803639851b480fbd8cbcb5540ef974387
- https://github.com/sass/node-sass
- https://github.com/sass/node-sass/releases/tag/v7.0.0
Affected packages
npm / node-sass
Package
- Name
- node-sass
- View open source insights on deps.dev
- Purl
- pkg:npm/node-sass