sass-asset-pipeline 3.4.6 uses a vulnerable versions of transitive dependencies #314
Comments
|
jsass is deprecated and will probably get no update: #276 (comment) The sass-dart-asset-pipeline is a replacement: #287 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Provides transitive vulnerable dependency org.apache.commons:commons-text:1.8 CVE-2022-42889 9.8 Improper Control of Generation of Code ('Code Injection') vulnerability with high severity found Results powered by Checkmarx(c)
Provides transitive vulnerable dependency io.bit3:jsass:5.10.4 CVE-2018-20190 6.5 NULL Pointer Dereference vulnerability pending CVSS allocation CVE-2017-12963 7.5 Out-of-bounds Read vulnerability pending CVSS allocation CVE-2018-20822 6.5 Uncontrolled Recursion vulnerability pending CVSS allocation CVE-2017-11608 6.5 Out-of-bounds Read vulnerability pending CVSS allocation CVE-2018-11697 8.1 Out-of-bounds Read vulnerability pending CVSS allocation CVE-2017-12964 7.5 Uncontrolled Recursion vulnerability with medium severity found CVE-2019-6286 6.5 Out-of-bounds Read vulnerability pending CVSS allocation CVE-2018-20821 6.5 Uncontrolled Recursion vulnerability pending CVSS allocation CVE-2017-11556 7.5 Uncontrolled Recursion vulnerability pending CVSS allocation CVE-2019-6283 6.5 Out-of-bounds Read vulnerability pending CVSS allocation Results powered by Checkmarx(c)
Provides transitive vulnerable dependency commons-io:commons-io:2.6 CVE-2021-29425 4.8 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability pending CVSS allocation Results powered by Checkmarx(c)
The text was updated successfully, but these errors were encountered: