CVE-2020-24025 (Medium) detected in node-sass-4.13.1.tgz - autoclosed - autoclosed #1067
Comments
Fixed in #1028
✔️ This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.
# [25.4.0](elastic/elastic-charts@v25.3.0...v25.4.0) (2021-03-23)

### Bug Fixes

* chromium area path render bug ([opensearch-project#1067](elastic/elastic-charts#1067)) ([37301bf](elastic/elastic-charts@37301bf))

### Features

* **tooltip:** expose datum in the TooltipValue ([opensearch-project#1082](elastic/elastic-charts#1082)) ([48dc9d5](elastic/elastic-charts@48dc9d5)), closes [opensearch-project#1042](elastic/elastic-charts#1042)
* **wordcloud:** wordcloud ([opensearch-project#1038](elastic/elastic-charts#1038)) ([d724cad](elastic/elastic-charts@d724cad))
Bump node-sass to 7.0.3 and sass-loader to 10.4.1 Issue Resolved: opensearch-project#1067 opensearch-project#1842 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Seen this CVE in 2.x.
…der to 10.4.1 in 2.x Bump node-sass to 7.0.3 and sass-loader to 10.4.1 Issue Resolved: opensearch-project#1067 opensearch-project#1842 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
✔️ This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.
CVE-2020-24025 - Medium Severity Vulnerability
Vulnerable Library - node-sass-4.13.1.tgz
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.13.1.tgz
Dependency Hierarchy:
Found in HEAD commit: 4fd064970b66ce555f48c22dfab6ed965d0e260a
Found in base branch: main
Vulnerability Details
Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path.
Publish Date: 2021-01-11
URL: CVE-2020-24025
CVSS 3 Score Details (5.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2020-24025
Release Date: 2021-01-11
Fix Resolution: node-sass - 5.0.0