ilkeraltin / react-nodejs-todo-app Goto Github PK

Vulnerable Library - growl-1.9.2.tgz

Growl unobtrusive notifications

Library home page: https://registry.npmjs.org/growl/-/growl-1.9.2.tgz

Path to dependency file: /react-nodejs-todo-app/package.json

Path to vulnerable library: /tmp/git/react-nodejs-todo-app/node_modules/growl/package.json

Dependency Hierarchy:

• mocha-3.5.3.tgz (Root Library)
  • ❌ growl-1.9.2.tgz (Vulnerable Library)

Found in HEAD commit: c5a9398d8faf2305437178b27212fa8bdc7a115b

Vulnerability Details

Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution.

Publish Date: 2018-06-04

URL: CVE-2017-16042

CVSS 3 Score Details (9.8)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-16042

Release Date: 2018-06-04

Fix Resolution: 1.10.2

Vulnerable Library - superagent-2.3.0.tgz

elegant & feature rich browser / node HTTP with a fluent API

Library home page: https://registry.npmjs.org/superagent/-/superagent-2.3.0.tgz

Path to dependency file: /react-nodejs-todo-app/package.json

Path to vulnerable library: /tmp/git/react-nodejs-todo-app/node_modules/superagent/package.json

Dependency Hierarchy:

• chai-http-3.0.0.tgz (Root Library)
  • ❌ superagent-2.3.0.tgz (Vulnerable Library)

Found in HEAD commit: c5a9398d8faf2305437178b27212fa8bdc7a115b

Vulnerability Details

The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive CPU and/or memory consumption. An attacker might exploit such a weakness for a DoS attack. To exploit this the attacker must control the location (URL) that superagent makes a request to.

Publish Date: 2018-06-07

URL: CVE-2017-16129

CVSS 3 Score Details (5.9)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-16129

Release Date: 2019-04-08

Fix Resolution: 3.7.0

Vulnerable Library - eslint-3.19.0.tgz

An AST-based pattern checker for JavaScript.

Library home page: https://registry.npmjs.org/eslint/-/eslint-3.19.0.tgz

Path to dependency file: /react-nodejs-todo-app/package.json

Path to vulnerable library: /react-nodejs-todo-app/node_modules/eslint/package.json

Dependency Hierarchy:

• ❌ eslint-3.19.0.tgz (Vulnerable Library)

Found in HEAD commit: 8ef2acd9e929521fb5f0b95edc909fd351724202

Vulnerability Details

A vulnerability was descovered in eslint before 4.18.2. One of the regexes in eslint is vulnerable to catastrophic backtracking.

Publish Date: 2018-02-27

URL: WS-2018-0347

CVSS 2 Score Details (4.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: eslint/eslint#10002

Release Date: 2019-06-16

Fix Resolution: 4.18.2

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: c5a9398d8faf2305437178b27212fa8bdc7a115b

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/expand.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/output.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/util.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/emitter.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/lexer.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_node.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/plugins.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/base.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/position.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operation.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_importer_bridge.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/functions.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/eval.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_context_wrapper.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/node.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/parser.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/emitter.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/listize.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/output.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/functions.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cssize.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/paths.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/inspect.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/color.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/values.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/source_map.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/list.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/json.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/units.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/units.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/context.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8/checked.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/listize.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/string.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/context.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/boolean.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass2scss.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/eval.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/expand.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/factory.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operators.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/boolean.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/source_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/value.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/callback_bridge.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/file.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/node.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/environment.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/extend.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operators.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/constants.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/parser.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/constants.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/list.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cssize.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/functions.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/util.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_function_bridge.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_importer_bridge.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/bind.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/inspect.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/backtrace.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/extend.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/debugger.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cencode.c
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/number.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/color.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/c99func.c
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/position.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/values.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/null.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/context.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_c.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_value.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_context_wrapper.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/lexer.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_c.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_value.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/b64/encode.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/file.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/environment.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/plugins.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/binding.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy().

Publish Date: 2018-12-04

URL: CVE-2018-19838

CVSS 3 Score Details (6.5)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19838

Fix Resolution: 3.5.5

Vulnerable Library - growl-1.9.2.tgz

Growl unobtrusive notifications

Library home page: https://registry.npmjs.org/growl/-/growl-1.9.2.tgz

Path to dependency file: /react-nodejs-todo-app/package.json

Path to vulnerable library: /tmp/git/react-nodejs-todo-app/node_modules/growl/package.json

Dependency Hierarchy:

• mocha-3.5.3.tgz (Root Library)
  • ❌ growl-1.9.2.tgz (Vulnerable Library)

Found in HEAD commit: c5a9398d8faf2305437178b27212fa8bdc7a115b

Vulnerability Details

Affected versions of the package are vulnerable to Arbitrary Code Injection.

Publish Date: 2017-05-01

URL: WS-2017-0236

CVSS 2 Score Details (5.6)

Base Score Metrics not available

Suggested Fix

Type: Change files

Origin: tj/node-growl@d9f6ea2

Release Date: 2016-09-05

Fix Resolution: Replace or update the following files: package.json, growl.js

Vulnerable Library - open-0.0.5.tgz

open a file or url in the user's preferred application

Library home page: https://registry.npmjs.org/open/-/open-0.0.5.tgz

Path to dependency file: /react-nodejs-todo-app/package.json

Path to vulnerable library: /tmp/git/react-nodejs-todo-app/node_modules/open/package.json

Dependency Hierarchy:

• webpack-dev-server-1.16.5.tgz (Root Library)
  • ❌ open-0.0.5.tgz (Vulnerable Library)

Found in HEAD commit: c5a9398d8faf2305437178b27212fa8bdc7a115b

Vulnerability Details

All versions of open are vulnerable to command injection when unsanitized user input is passed in.

Publish Date: 2018-05-16

URL: WS-2018-0107

CVSS 2 Score Details (10.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://nodesecurity.io/advisories/663

Release Date: 2018-05-16

Fix Resolution: No fix is currently available for this vulnerability. It is our recommendation to not install or use this module until a fix is available.

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: c5a9398d8faf2305437178b27212fa8bdc7a115b

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/expand.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/output.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/util.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/emitter.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/lexer.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_node.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/plugins.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/base.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/position.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operation.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_importer_bridge.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/functions.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/eval.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_context_wrapper.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/node.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/parser.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/emitter.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/listize.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/output.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/functions.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cssize.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/paths.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/inspect.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/color.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/values.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/source_map.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/list.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/json.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/units.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/units.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/context.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8/checked.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/listize.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/string.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/context.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/boolean.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass2scss.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/eval.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/expand.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/factory.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operators.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/boolean.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/source_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/value.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/callback_bridge.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/file.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/node.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/environment.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/extend.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operators.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/constants.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/parser.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/constants.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/list.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cssize.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/functions.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/util.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_function_bridge.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_importer_bridge.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/bind.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/inspect.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/backtrace.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/extend.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/debugger.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cencode.c
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/number.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/color.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/c99func.c
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/position.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/values.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/null.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/context.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_c.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_value.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_context_wrapper.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/lexer.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_c.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_value.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/b64/encode.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/file.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/environment.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/plugins.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/binding.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).

Publish Date: 2019-04-23

URL: CVE-2018-20821

CVSS 3 Score Details (6.5)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High

Vulnerable Library - eslint-3.19.0.tgz

An AST-based pattern checker for JavaScript.

Library home page: https://registry.npmjs.org/eslint/-/eslint-3.19.0.tgz

Path to dependency file: /react-nodejs-todo-app/package.json

Path to vulnerable library: /react-nodejs-todo-app/node_modules/eslint/package.json

Dependency Hierarchy:

• ❌ eslint-3.19.0.tgz (Vulnerable Library)

Found in HEAD commit: 8ef2acd9e929521fb5f0b95edc909fd351724202

Vulnerability Details

A vulnerability was descovered in eslint before 4.18.2. One of the regexes in eslint is vulnerable to catastrophic backtracking.

Publish Date: 2019-06-17

URL: WS-2018-0592

CVSS 2 Score Details (4.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: eslint/eslint#10002

Release Date: 2019-06-16

Fix Resolution: 4.18.2

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: c5a9398d8faf2305437178b27212fa8bdc7a115b

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/expand.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/output.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/util.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/emitter.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/lexer.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_node.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/plugins.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/base.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/position.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operation.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_importer_bridge.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/functions.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/eval.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_context_wrapper.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/node.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/parser.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/emitter.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/listize.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/output.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/functions.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cssize.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/paths.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/inspect.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/color.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/values.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/source_map.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/list.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/json.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/units.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/units.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/context.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8/checked.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/listize.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/string.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/context.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/boolean.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass2scss.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/eval.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/expand.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/factory.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operators.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/boolean.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/source_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/value.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/callback_bridge.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/file.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/node.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/environment.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/extend.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operators.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/constants.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/parser.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/constants.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/list.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cssize.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/functions.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/util.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_function_bridge.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_importer_bridge.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/bind.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/inspect.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/backtrace.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/extend.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/debugger.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cencode.c
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/number.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/color.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/c99func.c
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/position.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/values.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/null.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/context.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_c.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_value.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_context_wrapper.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/lexer.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_c.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_value.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/b64/encode.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/file.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/environment.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/plugins.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/binding.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-06-04

URL: CVE-2018-11694

CVSS 3 Score Details (8.8)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: c5a9398d8faf2305437178b27212fa8bdc7a115b

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/expand.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/output.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/util.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/emitter.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/lexer.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_node.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/plugins.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/base.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/position.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operation.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_importer_bridge.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/functions.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/eval.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_context_wrapper.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/node.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/parser.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/emitter.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/listize.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/output.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/functions.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cssize.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/paths.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/inspect.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/color.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/values.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/source_map.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/list.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/json.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/units.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/units.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/context.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8/checked.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/listize.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/string.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/context.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/boolean.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass2scss.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/eval.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/expand.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/factory.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operators.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/boolean.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/source_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/value.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/callback_bridge.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/file.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/node.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/environment.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/extend.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operators.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/constants.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/parser.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/constants.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/list.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cssize.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/functions.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/util.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_function_bridge.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_importer_bridge.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/bind.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/inspect.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/backtrace.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/extend.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/debugger.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cencode.c
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/number.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/color.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/c99func.c
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/position.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/values.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/null.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/context.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_c.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_value.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_context_wrapper.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/lexer.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_c.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_value.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/b64/encode.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/file.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/environment.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/plugins.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/binding.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

** DISPUTED ** In inspect.cpp in LibSass 3.5.5, a high memory footprint caused by an endless loop (containing a Sass::Inspect::operator()(Sass::String_Quoted*) stack frame) may cause a Denial of Service via crafted sass input files with stray '&' or '/' characters. NOTE: Upstream comments indicate this issue is closed as "won't fix" and "works as intended" by design.

Publish Date: 2018-12-03

URL: CVE-2018-19826

CVSS 3 Score Details (6.5)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: c5a9398d8faf2305437178b27212fa8bdc7a115b

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/expand.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/output.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/util.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/emitter.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/lexer.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_node.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/plugins.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/base.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/position.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operation.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_importer_bridge.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/functions.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/eval.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_context_wrapper.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/node.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/parser.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/emitter.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/listize.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/output.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/functions.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cssize.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/paths.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/inspect.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/color.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/values.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/source_map.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/list.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/json.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/units.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/units.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/context.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8/checked.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/listize.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/string.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/context.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/boolean.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass2scss.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/eval.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/expand.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/factory.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operators.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/boolean.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/source_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/value.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/callback_bridge.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/file.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/node.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/environment.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/extend.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operators.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/constants.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/parser.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/constants.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/list.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cssize.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/functions.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/util.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_function_bridge.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_importer_bridge.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/bind.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/inspect.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/backtrace.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/extend.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/debugger.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cencode.c
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/number.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/color.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/c99func.c
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/position.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/values.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/null.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/context.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_c.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_value.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_context_wrapper.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/lexer.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_c.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_value.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/b64/encode.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/file.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/environment.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/plugins.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/binding.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693.

Publish Date: 2019-01-14

URL: CVE-2019-6286

CVSS 3 Score Details (6.5)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: c5a9398d8faf2305437178b27212fa8bdc7a115b

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/expand.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/output.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/util.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/emitter.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/lexer.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_node.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/plugins.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/base.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/position.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operation.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_importer_bridge.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/functions.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/eval.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_context_wrapper.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/node.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/parser.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/emitter.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/listize.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/output.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/functions.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cssize.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/paths.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/inspect.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/color.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/values.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/source_map.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/list.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/json.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/units.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/units.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/context.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8/checked.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/listize.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/string.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/context.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/boolean.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass2scss.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/eval.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/expand.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/factory.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operators.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/boolean.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/source_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/value.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/callback_bridge.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/file.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/node.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/environment.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/extend.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operators.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/constants.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/parser.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/constants.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/list.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cssize.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/functions.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/util.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_function_bridge.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_importer_bridge.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/bind.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/inspect.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/backtrace.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/extend.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/debugger.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cencode.c
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/number.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/color.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/c99func.c
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/position.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/values.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/null.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/context.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_c.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_value.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_context_wrapper.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/lexer.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_c.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_value.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/b64/encode.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/file.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/environment.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/plugins.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/binding.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

An issue was discovered in LibSass through 3.5.2. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-06-04

URL: CVE-2018-11695

CVSS 3 Score Details (8.8)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: c5a9398d8faf2305437178b27212fa8bdc7a115b

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/expand.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/output.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/util.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/emitter.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/lexer.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_node.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/plugins.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/base.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/position.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operation.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_importer_bridge.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/functions.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/eval.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_context_wrapper.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/node.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/parser.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/emitter.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/listize.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/output.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/functions.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cssize.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/paths.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/inspect.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/color.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/values.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/source_map.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/list.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/json.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/units.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/units.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/context.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8/checked.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/listize.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/string.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/context.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/boolean.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass2scss.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/eval.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/expand.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/factory.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operators.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/boolean.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/source_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/value.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/callback_bridge.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/file.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/node.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/environment.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/extend.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operators.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/constants.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/parser.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/constants.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/list.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cssize.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/functions.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/util.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_function_bridge.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_importer_bridge.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/bind.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/inspect.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/backtrace.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/extend.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/debugger.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cencode.c
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/number.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/color.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/c99func.c
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/position.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/values.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/null.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/context.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_c.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_value.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_context_wrapper.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/lexer.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_c.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_value.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/b64/encode.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/file.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/environment.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/plugins.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/binding.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp).

Publish Date: 2019-04-23

URL: CVE-2018-20822

CVSS 3 Score Details (6.5)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High

Vulnerable Library - braces-1.8.5.tgz

Fastest brace expansion for node.js, with the most complete support for the Bash 4.3 braces specification.

Library home page: https://registry.npmjs.org/braces/-/braces-1.8.5.tgz

Path to dependency file: /react-nodejs-todo-app/package.json

Path to vulnerable library: /tmp/git/react-nodejs-todo-app/node_modules/braces/package.json

Dependency Hierarchy:

• webpack-dev-server-1.16.5.tgz (Root Library)
  • http-proxy-middleware-0.17.4.tgz
    • micromatch-2.3.11.tgz
      • ❌ braces-1.8.5.tgz (Vulnerable Library)

Found in HEAD commit: c5a9398d8faf2305437178b27212fa8bdc7a115b

Vulnerability Details

Version of braces prior to 2.3.1 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service.

Publish Date: 2019-03-25

URL: WS-2019-0019

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/786

Release Date: 2019-02-21

Fix Resolution: 2.3.1

Vulnerable Library - js-yaml-3.7.0.tgz

YAML 1.2 parser and serializer

Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.7.0.tgz

Path to dependency file: /react-nodejs-todo-app/package.json

Path to vulnerable library: /tmp/git/react-nodejs-todo-app/node_modules/js-yaml/package.json

Dependency Hierarchy:

• eslint-3.19.0.tgz (Root Library)
  • ❌ js-yaml-3.7.0.tgz (Vulnerable Library)

Found in HEAD commit: c5a9398d8faf2305437178b27212fa8bdc7a115b

Vulnerability Details

Versions js-yaml prior to 3.13.0 are vulnerable to Denial of Service. By parsing a carefully-crafted YAML file, the node process stalls and may exhaust system resources leading to a Denial of Service.

Publish Date: 2019-03-26

URL: WS-2019-0032

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/788/versions

Release Date: 2019-03-26

Fix Resolution: 3.13.0

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: c5a9398d8faf2305437178b27212fa8bdc7a115b

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/expand.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/output.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/util.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/emitter.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/lexer.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_node.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/plugins.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/base.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/position.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operation.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_importer_bridge.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/functions.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/eval.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_context_wrapper.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/node.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/parser.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/emitter.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/listize.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/output.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/functions.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cssize.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/paths.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/inspect.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/color.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/values.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/source_map.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/list.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/json.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/units.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/units.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/context.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8/checked.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/listize.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/string.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/context.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/boolean.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass2scss.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/eval.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/expand.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/factory.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operators.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/boolean.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/source_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/value.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/callback_bridge.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/file.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/node.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/environment.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/extend.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operators.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/constants.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/parser.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/constants.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/list.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cssize.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/functions.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/util.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_function_bridge.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_importer_bridge.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/bind.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/inspect.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/backtrace.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/extend.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/debugger.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cencode.c
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/number.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/color.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/c99func.c
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/position.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/values.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/null.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/context.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_c.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_value.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_context_wrapper.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/lexer.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_c.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_value.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/b64/encode.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/file.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/environment.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/plugins.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/binding.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11697

CVSS 3 Score Details (8.1)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: High

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: c5a9398d8faf2305437178b27212fa8bdc7a115b

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/expand.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/output.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/util.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/emitter.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/lexer.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_node.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/plugins.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/base.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/position.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operation.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_importer_bridge.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/functions.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/eval.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_context_wrapper.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/node.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/parser.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/emitter.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/listize.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/output.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/functions.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cssize.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/paths.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/inspect.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/color.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/values.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/source_map.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/list.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/json.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/units.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/units.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/context.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8/checked.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/listize.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/string.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/context.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/boolean.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass2scss.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/eval.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/expand.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/factory.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operators.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/boolean.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/source_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/value.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/callback_bridge.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/file.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/node.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/environment.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/extend.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operators.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/constants.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/parser.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/constants.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/list.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cssize.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/functions.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/util.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_function_bridge.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_importer_bridge.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/bind.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/inspect.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/backtrace.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/extend.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/debugger.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cencode.c
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/number.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/color.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/c99func.c
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/position.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/values.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/null.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/context.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_c.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_value.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_context_wrapper.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/lexer.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_c.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_value.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/b64/encode.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/file.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/environment.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/plugins.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/binding.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11698

CVSS 3 Score Details (8.1)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: High

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: c5a9398d8faf2305437178b27212fa8bdc7a115b

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/expand.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/output.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/util.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/emitter.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/lexer.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_node.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/plugins.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/base.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/position.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operation.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_importer_bridge.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/functions.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/eval.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_context_wrapper.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/node.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/parser.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/emitter.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/listize.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/output.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/functions.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cssize.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/paths.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/inspect.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/color.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/values.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/source_map.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/list.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/json.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/units.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/units.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/context.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8/checked.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/listize.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/string.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/context.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/boolean.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass2scss.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/eval.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/expand.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/factory.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operators.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/boolean.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/source_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/value.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/callback_bridge.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/file.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/node.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/environment.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/extend.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operators.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/constants.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/parser.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/constants.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/list.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cssize.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/functions.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/util.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_function_bridge.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_importer_bridge.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/bind.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/inspect.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/backtrace.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/extend.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/debugger.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cencode.c
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/number.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/color.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/c99func.c
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/position.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/values.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/null.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/context.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_c.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_value.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_context_wrapper.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/lexer.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_c.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_value.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/b64/encode.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/file.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/environment.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/plugins.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/binding.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file.

Publish Date: 2018-12-03

URL: CVE-2018-19797

CVSS 3 Score Details (6.5)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High

Vulnerable Library - js-yaml-3.7.0.tgz

YAML 1.2 parser and serializer

Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.7.0.tgz

Path to dependency file: /react-nodejs-todo-app/package.json

Path to vulnerable library: /tmp/git/react-nodejs-todo-app/node_modules/js-yaml/package.json

Dependency Hierarchy:

• eslint-3.19.0.tgz (Root Library)
  • ❌ js-yaml-3.7.0.tgz (Vulnerable Library)

Found in HEAD commit: c5a9398d8faf2305437178b27212fa8bdc7a115b

Vulnerability Details

Js-yaml prior to 3.13.1 are vulnerable to Code Injection. The load() function may execute arbitrary code injected through a malicious YAML file.

Publish Date: 2019-04-30

URL: WS-2019-0063

CVSS 2 Score Details (8.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/813

Release Date: 2019-04-30

Fix Resolution: 3.13.1

Vulnerable Library - diff-3.2.0.tgz

A javascript text diff implementation.

Library home page: https://registry.npmjs.org/diff/-/diff-3.2.0.tgz

Path to dependency file: /react-nodejs-todo-app/package.json

Path to vulnerable library: /tmp/git/react-nodejs-todo-app/node_modules/diff/package.json

Dependency Hierarchy:

• mocha-3.5.3.tgz (Root Library)
  • ❌ diff-3.2.0.tgz (Vulnerable Library)

Found in HEAD commit: 8ef2acd9e929521fb5f0b95edc909fd351724202

Vulnerability Details

A vulnerability was found in diff before v3.5.0, the affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.

Publish Date: 2019-06-11

URL: WS-2018-0590

CVSS 2 Score Details (7.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: kpdecker/jsdiff@2aec429

Release Date: 2019-06-11

Fix Resolution: 3.5.0

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: c5a9398d8faf2305437178b27212fa8bdc7a115b

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/expand.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/output.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/util.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/emitter.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/lexer.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_node.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/plugins.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/base.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/position.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operation.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_importer_bridge.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/functions.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/eval.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_context_wrapper.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/node.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/parser.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/emitter.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/listize.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/output.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/functions.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cssize.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/paths.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/inspect.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/color.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/values.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/source_map.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/list.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/json.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/units.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/units.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/context.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8/checked.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/listize.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/string.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/context.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/boolean.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass2scss.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/eval.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/expand.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/factory.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operators.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/boolean.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/source_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/value.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/callback_bridge.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/file.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/node.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/environment.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/extend.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operators.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/constants.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/parser.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/constants.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/list.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cssize.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/functions.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/util.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_function_bridge.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_importer_bridge.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/bind.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/inspect.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/backtrace.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/extend.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/debugger.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cencode.c
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/number.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/color.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/c99func.c
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/position.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/values.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/null.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/context.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_c.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_value.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_context_wrapper.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/lexer.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_c.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_value.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/b64/encode.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/file.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/environment.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/plugins.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/binding.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.

Publish Date: 2019-01-14

URL: CVE-2019-6283

CVSS 3 Score Details (6.5)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: c5a9398d8faf2305437178b27212fa8bdc7a115b

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/expand.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/output.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/util.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/emitter.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/lexer.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_node.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/plugins.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/base.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/position.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operation.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_importer_bridge.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/functions.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/eval.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_context_wrapper.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/node.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/parser.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/emitter.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/listize.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/output.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/functions.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cssize.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/paths.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/inspect.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/color.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/values.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/source_map.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/list.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/json.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/units.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/units.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/context.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8/checked.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/listize.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/string.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/context.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/boolean.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass2scss.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/eval.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/expand.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/factory.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operators.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/boolean.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/source_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/value.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/callback_bridge.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/file.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/node.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/environment.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/extend.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operators.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/constants.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/parser.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/constants.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/list.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cssize.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/functions.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/util.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_function_bridge.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_importer_bridge.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/bind.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/inspect.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/backtrace.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/extend.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/debugger.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cencode.c
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/number.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/color.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/c99func.c
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/position.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/values.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/null.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/context.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_c.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_value.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_context_wrapper.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/lexer.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_c.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_value.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/b64/encode.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/file.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/environment.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/plugins.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/binding.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.

Publish Date: 2018-05-26

URL: CVE-2018-11499

CVSS 3 Score Details (9.8)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: c5a9398d8faf2305437178b27212fa8bdc7a115b

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/expand.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/output.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/util.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/emitter.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/lexer.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_node.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/plugins.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/base.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/position.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operation.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_importer_bridge.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/functions.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/eval.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_context_wrapper.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/node.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/parser.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/emitter.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/listize.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/output.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/functions.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cssize.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/paths.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/inspect.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/color.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/values.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/source_map.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/list.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/json.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/units.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/units.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/context.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8/checked.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/listize.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/string.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/context.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/boolean.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass2scss.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/eval.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/expand.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/factory.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operators.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/boolean.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/source_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/value.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/callback_bridge.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/file.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/node.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/environment.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/extend.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operators.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/constants.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/parser.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/constants.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/list.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cssize.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/functions.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/util.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_function_bridge.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_importer_bridge.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/bind.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/inspect.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/backtrace.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/extend.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/debugger.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cencode.c
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/number.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/color.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/c99func.c
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/position.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/values.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/null.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/context.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_c.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_value.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_context_wrapper.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/lexer.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_c.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_value.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/b64/encode.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/file.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/environment.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/plugins.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/binding.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-12-03

URL: CVE-2018-19827

CVSS 3 Score Details (8.8)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: c5a9398d8faf2305437178b27212fa8bdc7a115b

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/expand.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/output.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/util.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/emitter.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/lexer.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_node.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/plugins.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/base.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/position.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operation.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_importer_bridge.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/functions.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/eval.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_context_wrapper.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/node.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/parser.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/emitter.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/listize.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/output.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/functions.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cssize.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/paths.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/inspect.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/color.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/values.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/source_map.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/list.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/json.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/units.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/units.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/context.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8/checked.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/listize.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/string.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/context.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/boolean.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass2scss.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/eval.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/expand.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/factory.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operators.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/boolean.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/source_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/value.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/callback_bridge.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/file.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/node.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/environment.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/extend.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operators.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/constants.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/parser.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/constants.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/list.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cssize.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/functions.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/util.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_function_bridge.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_importer_bridge.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/bind.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/inspect.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/backtrace.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/extend.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/debugger.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cencode.c
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/number.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/color.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/c99func.c
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/position.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/values.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/null.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/context.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_c.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_value.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_context_wrapper.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/lexer.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_c.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_value.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/b64/encode.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/file.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/environment.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/plugins.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/binding.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp.

Publish Date: 2019-01-14

URL: CVE-2019-6284

CVSS 3 Score Details (6.5)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: c5a9398d8faf2305437178b27212fa8bdc7a115b

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/expand.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/output.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/util.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/emitter.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/lexer.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_node.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/plugins.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/base.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/position.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operation.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_importer_bridge.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/functions.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/eval.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_context_wrapper.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/node.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/parser.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/emitter.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/listize.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/output.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/functions.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cssize.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/paths.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/inspect.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/color.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/values.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/source_map.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/list.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/json.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/units.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/units.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/context.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8/checked.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/listize.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/string.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/context.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/boolean.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass2scss.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/eval.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/expand.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/factory.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operators.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/boolean.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/source_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/value.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/callback_bridge.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/file.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/node.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/environment.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/extend.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operators.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/constants.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/parser.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/constants.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/list.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cssize.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/functions.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/util.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_function_bridge.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_importer_bridge.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/bind.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/inspect.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/backtrace.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/extend.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/debugger.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cencode.c
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/number.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/color.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/c99func.c
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/position.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/values.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/null.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/context.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_c.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_value.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_context_wrapper.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/lexer.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_c.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_value.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/b64/encode.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/file.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/environment.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/plugins.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/binding.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file.

Publish Date: 2018-12-17

URL: CVE-2018-20190

CVSS 3 Score Details (6.5)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High

Vulnerable Library - axios-0.15.3.tgz

Promise based HTTP client for the browser and node.js

Library home page: https://registry.npmjs.org/axios/-/axios-0.15.3.tgz

Path to dependency file: /react-nodejs-todo-app/package.json

Path to vulnerable library: /react-nodejs-todo-app/node_modules/axios/package.json

Dependency Hierarchy:

• ❌ axios-0.15.3.tgz (Vulnerable Library)

Found in HEAD commit: c5a9398d8faf2305437178b27212fa8bdc7a115b

Vulnerability Details

Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded.

Publish Date: 2019-05-07

URL: CVE-2019-10742

CVSS 3 Score Details (7.5)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High

Vulnerable Library - shelljs-0.7.8.tgz

Portable Unix shell commands for Node.js

Library home page: https://registry.npmjs.org/shelljs/-/shelljs-0.7.8.tgz

Path to dependency file: /react-nodejs-todo-app/package.json

Path to vulnerable library: /tmp/git/react-nodejs-todo-app/node_modules/shelljs/package.json

Dependency Hierarchy:

• eslint-3.19.0.tgz (Root Library)
  • ❌ shelljs-0.7.8.tgz (Vulnerable Library)

Found in HEAD commit: 8ef2acd9e929521fb5f0b95edc909fd351724202

Vulnerability Details

Shelljs 0.8.3 and before are vulnerable to Command Injection. Commands can be invoked from shell.exec(), those commands will include input from external sources, to be passed as arguments to system executables and allowing an attacker to inject arbitrary commands.

Publish Date: 2019-06-16

URL: WS-2017-3737

CVSS 2 Score Details (5.5)

Base Score Metrics not available

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: c5a9398d8faf2305437178b27212fa8bdc7a115b

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/expand.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/output.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/util.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/emitter.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/lexer.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_node.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/plugins.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/base.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/position.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operation.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_importer_bridge.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/functions.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/eval.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_context_wrapper.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/node.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/parser.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/emitter.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/listize.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/output.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/functions.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cssize.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/paths.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/inspect.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/color.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/values.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/source_map.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/list.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/json.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/units.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/units.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/context.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8/checked.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/listize.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/string.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/context.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/boolean.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass2scss.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/eval.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/expand.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/factory.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operators.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/boolean.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/source_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/value.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/callback_bridge.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/file.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/node.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/environment.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/extend.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operators.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/constants.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/parser.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/constants.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/list.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cssize.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/functions.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/util.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_function_bridge.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_importer_bridge.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/bind.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/inspect.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/backtrace.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/extend.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/debugger.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cencode.c
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/number.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/color.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/c99func.c
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/position.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/values.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/null.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/context.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_c.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_value.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_context_wrapper.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/lexer.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_c.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_value.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/b64/encode.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/file.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/environment.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/plugins.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/binding.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::skip_over_scopes which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11693

CVSS 3 Score Details (8.1)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: High

Vulnerable Library - debug-2.6.8.tgz

small debugging utility

Library home page: https://registry.npmjs.org/debug/-/debug-2.6.8.tgz

Path to dependency file: /react-nodejs-todo-app/package.json

Path to vulnerable library: /tmp/git/react-nodejs-todo-app/node_modules/mocha/node_modules/debug/package.json

Dependency Hierarchy:

• mocha-3.5.3.tgz (Root Library)
  • ❌ debug-2.6.8.tgz (Vulnerable Library)

Found in HEAD commit: c5a9398d8faf2305437178b27212fa8bdc7a115b

Vulnerability Details

The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue.

Publish Date: 2018-06-07

URL: CVE-2017-16137

CVSS 3 Score Details (5.3)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Low

Suggested Fix

Type: Change files

Origin: debug-js/debug@42a6ae0

Release Date: 2017-09-21

Fix Resolution: Replace or update the following file: node.js

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: c5a9398d8faf2305437178b27212fa8bdc7a115b

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/expand.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/output.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/util.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/emitter.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/lexer.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_node.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/plugins.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/base.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/position.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operation.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_importer_bridge.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/functions.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/eval.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_context_wrapper.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/node.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/parser.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/emitter.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/listize.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/output.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/functions.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cssize.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/paths.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/inspect.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/color.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/values.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/source_map.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/list.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/json.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/units.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/units.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/context.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8/checked.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/listize.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/string.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/context.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/boolean.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass2scss.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/eval.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/expand.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/factory.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operators.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/boolean.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/source_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/value.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/callback_bridge.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/file.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/node.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/environment.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/extend.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/operators.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/constants.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/parser.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/constants.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/list.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cssize.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/functions.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/util.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_function_bridge.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/custom_importer_bridge.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/bind.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/inspect.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/backtrace.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/extend.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/debugger.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/cencode.c
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/number.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/color.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/c99func.c
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/position.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/values.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/null.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/ast.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/include/sass/context.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_c.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_value.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_context_wrapper.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/lexer.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_c.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/sass_types/map.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/to_value.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/b64/encode.h
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/file.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/environment.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/plugins.hpp
• /react-nodejs-todo-app/node_modules/node-sass/src/binding.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
• /react-nodejs-todo-app/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file.

Publish Date: 2018-12-04

URL: CVE-2018-19839

CVSS 3 Score Details (6.5)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19839

Fix Resolution: 3.5.5