CVE-2022-43357 (High) detected in sassv0.4.7 - autoclosed

[mend-for-github.aaakk.us.kg]

CVE-2022-43357 - High Severity Vulnerability

Vulnerable Library - sassv0.4.7

Library home page: https://github.com/rstudio/sass.git

Found in HEAD commit: 1674c97b7650cfe7549a39b0ce4527f9692c7b67

Found in base branch: main

Vulnerable Source Files (1)

/node_modules/node-sass/src/libsass/src/ast_selectors.cpp

Vulnerability Details

Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to causea denial of service (DoS). Also affects the command line driver for libsass, sassc 3.6.2.

Publish Date: 2023-08-22

URL: CVE-2022-43357

CVSS 3 Score Details (7.5)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High

For more information on CVSS3 Scores, click here.

[AMoo-Miki]

Waiting for sass/libsass#3177.

[mend-for-github.aaakk.us.kg]

✔️ This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.