Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
CVE-2018-19838
Good to know:
Date: December 4, 2018
In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy().
Language: JS
Severity Score
Related Resources (6)
Severity Score
Weakness Type (CWE)
Uncontrolled Resource Consumption
CWE-400Top Fix
Upgrade Version
Upgrade to version dnaklik/dna-exchange-bundle - no_fix;node-sass - 4.14.0;stephane888/generate_style_theme - 1.0.1;OctoWeb - no_fix;ilhanet/erpnet-widget-resource - no_fix;tombeachell/forza-magento - no_fix;MIDIator.WebClient - 1.0.99;saphyr-solutions/saphyr-web-generator - no_fix;saphyr-solutions/saphyr-web-generator - dev-ppe;saphyr-solutions/saphyr-web-generator - 1.0.x-dev;scancode/portal-module - dev-dependabot/npm_and_yarn/Resources/assets/coreui/decode-uri-component-0.2.2;scancode/portal-module - dev-dependabot/npm_and_yarn/Resources/assets/coreui/path-parse-1.0.7;scancode/portal-module - v1.0.12;oxid-esales/wave-theme - dev-oxscript-google-analytics;archambaultalex/image-field - no_fix;PWPTemplateCMS - no_fix;seidemann-web/wave-theme - no_fix;seidemann-web/wave-theme - dev-WT-36/Sticky-Header-Fixes;seidemann-web/wave-theme - dev-omage-theme;seidemann-web/wave-theme - dev-fixUpLanguageConstants;oburatongoi/productivity - no_fix;oburatongoi/productivity - 0.0.1;oburatongoi/productivity - 0.0.13;vesperphp/project - no_fix;rjzaar/opencourse - dev-julprod;rjzaar/opencourse - no_fix;chrisbraybrooke/laravel-ecommerce - 0.0.17;chrisbraybrooke/laravel-ecommerce - 0.0.2;chrisbraybrooke/laravel-ecommerce - dev-form-field-key;chrisbraybrooke/laravel-ecommerce - 0.0.56;files.com/files-php-sdk - v1.0.7;miljoen/nova-autofill - v1.0.0;miljoen/nova-autofill - no_fix;greenpeace/planet4-child-theme-storytelling - dev-old-ui;greenpeace/planet4-child-theme-storytelling - v0.9.7;greenpeace/planet4-child-theme-storytelling - v0.12;kraenkvisuell/nova-cms-media - v1.2.2;kraenkvisuell/nova-cms-media - v1.0.3;kraenkvisuell/nova-cms-media - no_fix;trezebits/trezevel-gallery - no_fix;acquia/acquia_cms - 2020-11-05;acquia/acquia_cms - 2020-10-11;acquia/acquia_cms - 2020-11-17;mmi/mmi-cms - 2.3.1;cloudscribe.templates - 5.2.0;islandora/islandora_starter_theme - dev-bd-d9-update;islandora/islandora_starter_theme - dev-main;islandora/islandora_starter_theme - dev-don_patch;zymawy/ironside-core - dev-utils;ViewPacker - 1.0.18;flexxia/flexprimeng - dev-dependabot/npm_and_yarn/css/postcss/y18n-3.2.2;flexxia/flexprimeng - dev-update-angularjs;islandora/islandora_base_theme - dev-thumbnail-speed-patch;islandora/islandora_base_theme - no_fix;islandora/islandora_base_theme - dev-bd-d9-updates;GR.PageRender.Razor - 1.8.0;narirock/marrs-catalog - no_fix;kayrules/solatjakim-api-site - dev-version-1.0;angellco/spoon - 3.2.5;doublesecretagency/craft-spoon - 3.2.5;yivic/yivic-elce - no_fix;OctoWeb01 - no_fix;platformatory/opendevx - no_fix;anupsathya/umd_bootstrap_sass - no_fix;i-saad-salman/statamic-analytics - no_fix;gheb/nn - dev-master;basic-builder/easybuilder-bundle - v0.0.3;org.webjars.npm:node-sass:no_fix;org.webjars.npm:bourbon-neat:2.1.0
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | REQUIRED |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | NONE |
| Integrity (I): | NONE |
| Availability (A): | HIGH |
CVSS v2
| Base Score: |
|
|---|---|
| Access Vector (AV): | NETWORK |
| Access Complexity (AC): | MEDIUM |
| Authentication (AU): | NONE |
| Confidentiality (C): | NONE |
| Integrity (I): | NONE |
| Availability (A): | PARTIAL |
| Additional information: |