Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
WS-2019-0605
Good to know:
Date: July 16, 2019
In sass versions between 3.2.0 to 3.6.3 may read 1 byte outside an allocated buffer while parsing a specially crafted css rule.
Language: C++
Severity Score
Severity Score
Weakness Type (CWE)
Stack-based Buffer Overflow
CWE-121Top Fix
Upgrade Version
Upgrade to version islandora/islandora_base_theme - dev-bd-d9-updates;islandora/islandora_base_theme - no_fix;islandora/islandora_base_theme - dev-thumbnail-speed-patch;zymawy/ironside-core - dev-utils;kraenkvisuell/nova-cms-media - no_fix;kraenkvisuell/nova-cms-media - v1.0.3;kraenkvisuell/nova-cms-media - v1.2.2;islandora/islandora_starter_theme - dev-bd-d9-update;islandora/islandora_starter_theme - dev-main;islandora/islandora_starter_theme - dev-don_patch;sass-sys - 0.4.20;sass-sys - 0.2.0;GR.PageRender.Razor - 1.8.0;acquia/acquia_cms - 2020-10-11;acquia/acquia_cms - 2020-11-17;acquia/acquia_cms - 2020-11-05;angellco/spoon - 3.2.5;flexxia/flexprimeng - dev-dependabot/npm_and_yarn/css/postcss/y18n-3.2.2;flexxia/flexprimeng - dev-update-angularjs;doublesecretagency/craft-spoon - 3.2.5;oburatongoi/productivity - 0.0.13;oburatongoi/productivity - 0.0.1;oburatongoi/productivity - no_fix;chrisbraybrooke/laravel-ecommerce - 0.0.2;chrisbraybrooke/laravel-ecommerce - 0.0.56;chrisbraybrooke/laravel-ecommerce - dev-form-field-key;chrisbraybrooke/laravel-ecommerce - 0.0.17;narirock/marrs-catalog - no_fix;kayrules/solatjakim-api-site - dev-version-1.0;make-sense - no_fix;greenpeace/planet4-child-theme-storytelling - dev-old-ui;greenpeace/planet4-child-theme-storytelling - v0.9.7;greenpeace/planet4-child-theme-storytelling - v0.12;yivic/yivic-elce - no_fix;OctoWeb01 - no_fix;miljoen/nova-autofill - no_fix;miljoen/nova-autofill - v1.0.0;scancode/portal-module - v1.0.12;scancode/portal-module - dev-dependabot/npm_and_yarn/Resources/assets/coreui/decode-uri-component-0.2.2;scancode/portal-module - dev-dependabot/npm_and_yarn/Resources/assets/coreui/path-parse-1.0.7;saphyr-solutions/saphyr-web-generator - no_fix;saphyr-solutions/saphyr-web-generator - 1.0.x-dev;saphyr-solutions/saphyr-web-generator - dev-ppe;rb-sassc - no_fix;rjzaar/opencourse - no_fix;rjzaar/opencourse - dev-julprod;basic-builder/easybuilder-bundle - v0.0.3;gheb/nn - dev-master;dnaklik/dna-exchange-bundle - no_fix;stephane888/generate_style_theme - 1.0.1;i-saad-salman/statamic-analytics - no_fix;oxid-esales/wave-theme - dev-oxscript-google-analytics;anupsathya/umd_bootstrap_sass - no_fix;vesperphp/project - no_fix;platformatory/opendevx - no_fix;Fable.Template.Elmish.React - 0.1.6;pwptemplatepusintek - no_fix;archambaultalex/image-field - no_fix;MIDIator.WebClient - 1.0.105;grass - 0.10.4;ilhanet/erpnet-widget-resource - no_fix;OctoWeb - no_fix;tombeachell/forza-magento - no_fix;trezebits/trezevel-gallery - no_fix;seidemann-web/wave-theme - dev-fixUpLanguageConstants;seidemann-web/wave-theme - no_fix;seidemann-web/wave-theme - dev-WT-36/Sticky-Header-Fixes;seidemann-web/wave-theme - dev-omage-theme;cloudscribe.templates - 5.2.0;PWPTemplateCMS - no_fix;files.com/files-php-sdk - v1.0.7;mmi/mmi-cms - 2.3.1;ViewPacker - 1.0.18;org.webjars.npm:bourbon-neat:2.1.0;org.webjars.npm:node-sass:no_fix
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | LOCAL |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | HIGH |
| Integrity (I): | HIGH |
| Availability (A): | HIGH |