Skip to content

CVE-2018-19826 (Medium) detected in opennmsopennms-source-25.1.0-1 #238

New issue
New issue
Open
Open
CVE-2018-19826 (Medium) detected in opennmsopennms-source-25.1.0-1#238
Labels
Mend: dependency security vulnerabilitySecurity vulnerability detected by WhiteSource
@mend-bolt-for-github

Description

@mend-bolt-for-github
mend-bolt-for-github
bot
opened on Dec 18, 2023

CVE-2018-19826 - Medium Severity Vulnerability

Vulnerable Library - opennmsopennms-source-25.1.0-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: a1134e0d69c95f5b6b6bbfb161bbf263699292f0

Found in base branch: main

Vulnerable Source Files (1)

/.vscode/extensions/vscjava.vscode-java-test-0.30.1/node_modules/node-sass/src/libsass/src/inspect.cpp

Vulnerability Details

In inspect.cpp in LibSass 3.5.5, a high memory footprint caused by an endless loop (containing a Sass::Inspect::operator()(Sass::String_Quoted*) stack frame) may cause a Denial of Service via crafted sass input files with stray '&' or '/' characters. NOTE: Upstream comments indicate this issue is closed as "won't fix" and "works as intended" by design

Publish Date: 2018-12-03

URL: CVE-2018-19826

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with Mend here

Metadata

Metadata

Assignees

No one assigned

    Labels

    Mend: dependency security vulnerabilitySecurity vulnerability detected by WhiteSource

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions