scriptex / itscss

Starter SCSS boilerplate utilizing the ITCSS pattern

Home Page: https://itscss.atanas.info/

License: MIT License

JavaScript 1.68% SCSS 98.32%
css-boilerplate itcss-boilerplate scss-boilerplate

itscss's Introduction

ITSCSS

A starter boilerplate based on the ITCSS (Inverted Triangle CSS) methodology.

About

ITSCSS is a mobile-first, responsive, battle-tested SCSS framework based on the ITCSS methodology utilizing the BEM methodology.

This boilerplate is intended to be used as a starting point in your application. You should use this as a foundation for your CSS and build on top of it.

If you want to use the full capabilities of this boilerplate such as variables, mixins, etc., then you should include it in your SCSS files.

You can also use the plain CSS version which lacks mixins and other useful tools.

Install

# Via NPM
npm i itscss

# Via Yarn
yarn add itscss

Usage

If you are using a module bundler (such as Webpack, Parcel, Browserify):

// In your SCSS entrypoint
@import 'itscss';

// Or if the above does not resolve, try
@import 'itscss/index.scss';

There are several predefined variables which you can overwrite:

/* Color Variables */
$color-base: #333;
$color-white: #fff;
$color-black: #000;
$color-action: #ef4c23;

/* Text Variables */
$font-sans-serif: sans-serif;
$font-serif: serif;
$font-monospace: monospace;

$font-size-base: 1rem;
$line-height-base: 1.35;

$font-size-h1: 2rem;
$font-size-h2: 1.75rem;
$font-size-h3: 1.5rem;
$font-size-h4: 1.25rem;
$font-size-h5: $font-size-base;
$font-size-h6: 0.75rem;

/* Transition Variables */
$timing: 0.4s;
$easing: ease-in-out;

/* Spacing between grid items */
$gap: 0.5rem;

/* Number of columns in the grid */
$columns: 12;

/* The maximum width of the shell container */
$shell-width: 75rem;

/* The left and right padding of the shell container */
$shell-gap: 1rem;

/* Responsive breakpoints */
$small-desktop: 1439px;
$tablet-landscape: 1279px;
$tablet-portrait: 1023px;
$mobile: 767px;

/*
	A map of breakpoints used to create
	the grid columns rules and
	the responsive utility classnames
*/
$breakpoints: (
	xs: (
		min: 0,
		max: $mobile
	),
	sm: (
		min: $mobile + 1,
		max: $tablet-portrait
	),
	md: (
		min: $tablet-portrait + 1,
		max: $tablet-landscape
	),
	lg: (
		min: $tablet-landscape + 1,
		max: $small-desktop
	),
	xl: (
		min: $small-desktop + 1
	)
);

/* A list of display properties */
$displays: 'block', 'inline', 'inline-block', 'flex', 'inline-flex';

/* A list of text alignment properties */
$alignments: 'center', 'right', 'left', 'justify';

/*
	A map of elements used to define z-index property.
	See Functions section below for more details.
*/
$z-indexes: (
	header: (),
	main: (
		alert: (),
		content: (
			title,
			inner,
			overlay
		),
		aside: ()
	),
	footer: (),
	modal: ()
);

You should place the overwriting variables before the @import statement.

Supported browsers

The combined and built version of this boilerplate has been tested and works in all evergreen browsers (Chrome, Firefox, Edge, Opera, Safari, Brave, Vivaldi, iOS Safari, Chrome on Android, Samsung Internet) and IE 10+.

Available files, selectors, variables and their usage

Settings

  • _colors.scss - contains variables for all colors
  • _text.scss - contains variables for all font settings
  • _transitions.scss - contains variables for transition duration and timing function
  • _variables.scss - contains variables for all other variables/settings

Tools

  • _chevron.scss - a mixin for a directional arrow icon

    Usage:

    /* prettier-ignore */
    @include chevron(
    	2rem, /* width and height */
    	0 0 1px 1px, /* border width */
    	$color-black, /* border color */
    	-5px 0 0 0.5em, /* margin */
    	-135deg /* rotation */
    );
  • _flexbox.scss - a set of mixins for flexbox

    Contains several mixins:

    /* General purpose flex container */
    /* prettier-ignore */
    @include flex(
    	center /* align-items */,
    	flex-end /* justify-content */,
    	wrap /* flex-wrap */,
    	row /* flex-direction */,
    	flex /* display */
    );
    
    /* Flex container with flex-direction set to "row" */
    /* prettier-ignore */
    @include flex-row(
    	no-wrap /* wrap */,
    	center /* align-items */,
    	flex-end /* justify-content */
    );
    
    /* Flex container with flex-direction set to "column" */
    /* prettier-ignore */
    @include flex-column(
    	no-wrap /* wrap */,
    	center /* align-items */,
    	flex-end /* justify-content */
    );
    
    /* Inline-flex container with flex-direction set to "row" */
    /* prettier-ignore */
    @include inline-flex-row(
    	no-wrap /* wrap */,
    	center /* align-items */,
    	flex-end /* justify-content */
    );
    
    /* Inline-flex container with flex-direction set to "column" */
    /* prettier-ignore */
    @include inline-flex-column(
    	no-wrap /* wrap */,
    	center /* align-items */,
    	flex-end /* justify-content */
    );
    
    /* Grid rules based on the $columns and $breakpoints variables */
    @include grid;
  • _functions.scss - a collection of SCSS functions

    Contains the following functions:

    // Uses the $z-indexes variable from above.
    // Defines z-index based on the index of given key sequence:
    // .header {
    //   z-index: z(header);
    // }
    //
    // .main {
    //   z-index: z(main);
    // }
    //
    // .alert {
    //   z-index: z(main, alert, high);
    // }
    //
    // .content__title {
    //   z-index: z(main, content, title);
    // }
    @function z($keys);
  • _media-queries.scss - mixins for all supported media queries

    Custom media queries:

    /* (max-width: 1439px) */
    @media (small-desktop) {
    }
    
    /* (min-width: 1279px) */
    @media (desktop-only) {
    }
    
    /* (max-width: 1279px) */
    @media (tablet-landscape) {
    }
    
    /* (min-width: 1023px) and (max-width: 1279px) */
    @media (tablet-landscape-only) {
    }
    
    /* (max-width: 1023px) */
    @media (tablet-portrait) {
    }
    
    /* (min-width: 767px) and (max-width: 1023px) */
    @media (tablet-portrait-only) {
    }
    
    /* (max-width: 767px) */
    @media (mobile) {
    }
    
    /* (prefers-reduced-motion: reduce) */
    @media (reduced-motion) {
    }
    
    /* hover support */
    @media (hover) {
    }
  • _mixins.scss - all other mixins

    Available mixins:

    /* absolutely positions an element with known dimensions in the center of their relative parent element */
    @include centered;
    
    /* change the display property of an element with the given $value */
    @include display($value);

Generic

  • _form-elements.scss - default styles for form elements
  • _reset.scss - additional browser reset and normalize (normalize.css is also included)
  • _transitions.scss - default transitions for focusable/active elements

Elements

  • _document.scss - default styles for the body element
  • _headings.scss - default styles for all h* (h1 - h6) tags
  • _links.scss - default styles for anchors
  • _texts.scss - default styles for text elements

Objects

  • _grid.scss - a grid system

    Available selectors are:

    /* defines a grid container */
    .o-grid {
    }
    
    /* defines a grid item */
    .o-grid__item {
    }
    
    /**
    	depending on the $breakpoints and $columns variables
    	the following selectors will vary.
    	1 means 1/12 of the available width.
    	12 means all of the available width.
    	Here are the defaults
    */
    /* From 0 to 767px */
    .xs-1 to .xs-12
    /* From 768px to 1023px */
    .sm-1 to .sm-12
    /* From 1024px to 1279px */
    .md-1 to .md-12
    /* From 1280px to 1439px */
    .lg-1 to .lg-12
    /* From 1440px above */
    .xl-1 to .xl-12;
  • _main.scss - styles for the main element

    Available selectors are:

    /* defines the main content. used with <main> element */
    .o-main {
    }
  • _shell.scss - styles for the site container

    Available selectors are:

    /* defines the site container */
    .o-shell {
    }
    
    /* defines the site container as flex container */
    .o-shell--flex {
    }
    
    /* makes the site container take the whole browser width */
    .o-shell--fluid {
    }
  • _wrapper.scss - styles for the site wrapper

    Available selectors are:

    /* defines the parent container of all other elements. usually the only child of the <body> element */
    .o-wrapper {
    }

Components

  • _btn.scss - default styles for the buttons

    Available selectors are:

    /* default styles for a button */
    .c-btn {
    }
    
    /* makes the button fill its parent's width */
    .c-btn--block {
    }
  • _list.scss - default styles for lists. A list is an element with a classname which starts with c-list

Utilities

  • _align.scss - alignment class utilities

    Available selectors are:

    /* align to the left */
    .alignleft {
    }
    
    /* align to the right */
    .alignright {
    }
    
    /* clear the alignment */
    .alignnone {
    }
    
    /* clear the alignment and center horizontally */
    .aligncenter {
    }
  • _clear.scss - utilities to clear after floats

    Available selectors are:

    /* clear both */
    .clear {
    }
    
    /* clear right */
    .clear-right {
    }
    
    /* clear left */
    .clear-left {
    }
  • _fullsize-background.scss - helper for background image

    Available selectors are:

    /* makes the element's background image take the whole size of the element using "background-size: cover" */
    .fullsize-background {
    }
  • _hidden.scss - helper class/attribute for hidden elements

    Available selectors are:

    .hidden,
    [hidden] {
    }
  • _preferences.scss - contains user preferences settings such as reduced-motion or prefers-color-scheme preferences.

  • _responsive-utilities.scss - helpers for showing/hiding elements on different resolutions. For resolutions reference please check the media queries section. These utility classnames are based on the $breakpoints and the $displays variables.

    Available selectors are:

    .visible-xs-block {
    }
    .visible-xs-inline {
    }
    .visible-xs-inline-block {
    }
    .visible-xs-flex {
    }
    .visible-xs-inline-flex {
    }
    .visible-sm-block {
    }
    .visible-sm-inline {
    }
    .visible-sm-inline-block {
    }
    .visible-sm-flex {
    }
    .visible-sm-inline-flex {
    }
    .visible-md-block {
    }
    .visible-md-inline {
    }
    .visible-md-inline-block {
    }
    .visible-md-flex {
    }
    .visible-md-inline-flex {
    }
    .visible-lg-block {
    }
    .visible-lg-inline {
    }
    .visible-lg-inline-block {
    }
    .visible-lg-flex {
    }
    .visible-lg-inline-flex {
    }
    .visible-xl-block {
    }
    .visible-xl-inline {
    }
    .visible-xl-inline-block {
    }
    .visible-xl-flex {
    }
    .visible-xl-inline-flex {
    }
    .hidden-xs {
    }
    .hidden-sm {
    }
    .hidden-md {
    }
    .hidden-lg {
    }
    .hidden-xl {
    }
  • _text-align.scss - text alignment utilities. These utility classnames are based on the $alignments variable

    Available selectors are:

    /* align text to the left */
    .text-left {
    }
    
    /* align text to the center */
    .text-center {
    }
    
    /* align text to the right */
    .text-right {
    }
    
    /* justify text */
    .text-justify {
    }

LICENSE

MIT


itscss's Issues

CVE-2018-19839 (Medium) detected in node-sass-v4.11.0

CVE-2018-19839 - Medium Severity Vulnerability

Vulnerable Library - node-sass v4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: a8caab7ed54b055bf8113fb461abdb18f33bb3b3

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

Vulnerability Details

In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file.

Publish Date: 2018-12-04

URL: CVE-2018-19839

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19839

Fix Resolution: 3.5.5


CVE-2018-20190 (Medium) detected in node-sass-v4.11.0

CVE-2018-20190 - Medium Severity Vulnerability

Vulnerable Library - node-sass v4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: a8caab7ed54b055bf8113fb461abdb18f33bb3b3

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

Vulnerability Details

In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file.

Publish Date: 2018-12-17

URL: CVE-2018-20190

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

CVE-2018-19797 (Medium) detected in node-sass-v4.11.0

CVE-2018-19797 - Medium Severity Vulnerability

Vulnerable Library - node-sass v4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: a8caab7ed54b055bf8113fb461abdb18f33bb3b3

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

Vulnerability Details

In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file.

Publish Date: 2018-12-03

URL: CVE-2018-19797

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

CVE-2018-19827 (High) detected in node-sass-v4.11.0

CVE-2018-19827 - High Severity Vulnerability

Vulnerable Library - node-sass v4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: a8caab7ed54b055bf8113fb461abdb18f33bb3b3

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

Vulnerability Details

In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-12-03

URL: CVE-2018-19827

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

WS-2020-0070 (High) detected in lodash-4.17.15.tgz

WS-2020-0070 - High Severity Vulnerability

Vulnerable Library - lodash-4.17.15.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz

Path to dependency file: /tmp/ws-scm/itscss/package.json

Path to vulnerable library: /tmp/ws-scm/itscss/node_modules/lodash/package.json

Dependency Hierarchy:

  • node-sass-4.14.1.tgz (Root Library)
    • lodash-4.17.15.tgz (Vulnerable Library)

Found in HEAD commit: e0652fb70ac1f201cc7c609b8a807b68e6df44f2

Vulnerability Details

A prototype pollution vulnerability in lodash allows an attacker to inject properties on Object.prototype.

Publish Date: 2020-04-28

URL: WS-2020-0070

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

CVE-2021-23364 (Medium) detected in browserslist-4.16.3.tgz

CVE-2021-23364 - Medium Severity Vulnerability

Vulnerable Library - browserslist-4.16.3.tgz

Share target browsers between different front-end tools, like Autoprefixer, Stylelint and babel-env-preset

Library home page: https://registry.npmjs.org/browserslist/-/browserslist-4.16.3.tgz

Path to dependency file: itscss/package.json

Path to vulnerable library: itscss/node_modules/browserslist/package.json

Dependency Hierarchy:

  • browserslist-4.16.3.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

Versions of the package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.

Publish Date: 2021-04-28

URL: CVE-2021-23364

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23364

Release Date: 2021-04-28

Fix Resolution: browserslist - 4.16.5


WS-2020-0068 (Medium) detected in yargs-parser-13.1.2.tgz

WS-2020-0068 - Medium Severity Vulnerability

Vulnerable Library - yargs-parser-13.1.2.tgz

the mighty option parser used by yargs

Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-13.1.2.tgz

Path to dependency file: /tmp/ws-scm/itscss/package.json

Path to vulnerable library: /tmp/ws-scm/itscss/node_modules/yargs-parser/package.json

Dependency Hierarchy:

  • node-sass-4.14.1.tgz (Root Library)
    • sass-graph-2.2.5.tgz
      • yargs-13.3.2.tgz
        • yargs-parser-13.1.2.tgz (Vulnerable Library)

Found in HEAD commit: e794d65dcb78365f28ce12abf82710f1d0c9f061

Vulnerability Details

Affected versions of yargs-parser are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of Object, causing the addition or modification of an existing property that will exist on all objects. Parsing the argument --foo.__proto__.bar baz adds a bar property with value baz to all objects. This is only exploitable if attackers have control over the arguments being passed to yargs-parser.

Publish Date: 2020-05-01

URL: WS-2020-0068

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: N/A
    • Attack Complexity: N/A
    • Privileges Required: N/A
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/package/yargs-parser

Release Date: 2020-05-04

Fix Resolution: https://www.npmjs.com/package/yargs-parser/v/18.1.2, https://www.npmjs.com/package/yargs-parser/v/15.0.1


CVE-2021-3807 (High) detected in multiple libraries

CVE-2021-3807 - High Severity Vulnerability

Vulnerable Libraries - ansi-regex-4.1.0.tgz, ansi-regex-3.0.0.tgz, ansi-regex-5.0.0.tgz

ansi-regex-4.1.0.tgz

Regular expression for matching ANSI escape codes

Library home page: https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.1.0.tgz

Path to dependency file: itscss/package.json

Path to vulnerable library: itscss/node_modules/ansi-regex/package.json

Dependency Hierarchy:

  • node-sass-6.0.1.tgz (Root Library)
    • sass-graph-2.2.5.tgz
      • yargs-13.3.2.tgz
        • cliui-5.0.0.tgz
          • strip-ansi-5.2.0.tgz
            • ansi-regex-4.1.0.tgz (Vulnerable Library)

ansi-regex-3.0.0.tgz

Regular expression for matching ANSI escape codes

Library home page: https://registry.npmjs.org/ansi-regex/-/ansi-regex-3.0.0.tgz

Path to dependency file: itscss/package.json

Path to vulnerable library: itscss/node_modules/ansi-regex/package.json

Dependency Hierarchy:

  • node-sass-6.0.1.tgz (Root Library)
    • npmlog-4.1.2.tgz
      • gauge-2.7.4.tgz
        • wide-align-1.1.3.tgz
          • string-width-2.1.1.tgz
            • strip-ansi-4.0.0.tgz
              • ansi-regex-3.0.0.tgz (Vulnerable Library)

ansi-regex-5.0.0.tgz

Regular expression for matching ANSI escape codes

Library home page: https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.0.tgz

Path to dependency file: itscss/package.json

Path to vulnerable library: itscss/node_modules/ansi-regex/package.json

Dependency Hierarchy:

  • postcss-cli-8.3.1.tgz (Root Library)
    • yargs-16.2.0.tgz
      • cliui-7.0.4.tgz
        • strip-ansi-6.0.0.tgz
          • ansi-regex-5.0.0.tgz (Vulnerable Library)

Found in HEAD commit: adeb39cb58d4f4b3e4214c789af70ff001d41657

Vulnerability Details

ansi-regex is vulnerable to Inefficient Regular Expression Complexity.

Publish Date: 2021-09-17

URL: CVE-2021-3807

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994/

Release Date: 2021-09-17

Fix Resolution: ansi-regex - 5.0.1,6.0.1


CVE-2019-6286 (Medium) detected in node-sass-v4.11.0

CVE-2019-6286 - Medium Severity Vulnerability

Vulnerable Library - node-sass v4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: a8caab7ed54b055bf8113fb461abdb18f33bb3b3

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

Vulnerability Details

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693.

Publish Date: 2019-01-14

URL: CVE-2019-6286

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


CVE-2015-9521 (Medium) detected in jquery-2.1.4.min.js

CVE-2015-9521 - Medium Severity Vulnerability

Vulnerable Library - jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/itscss/node_modules/js-base64/.attic/test-moment/index.html

Path to vulnerable library: /itscss/node_modules/js-base64/.attic/test-moment/index.html

Dependency Hierarchy:

  • jquery-2.1.4.min.js (Vulnerable Library)

Found in HEAD commit: f4ab33eda3328078cd72b050658cdbb50c033423

Vulnerability Details

The Easy Digital Downloads (EDD) Pushover Notifications extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.

Publish Date: 2019-10-23

URL: CVE-2015-9521

CVSS 2 Score Details (4.3)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: jquery/jquery@b078a62

Release Date: 2019-10-23

Fix Resolution: 2.2.0


CVE-2019-6284 (Medium) detected in node-sass-v4.11.0

CVE-2019-6284 - Medium Severity Vulnerability

Vulnerable Library - node-sass-v4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: a8caab7ed54b055bf8113fb461abdb18f33bb3b3

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

Vulnerability Details

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp.

Publish Date: 2019-01-14

URL: CVE-2019-6284

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


CVE-2018-20822 (Medium) detected in node-sass-v4.11.0

CVE-2018-20822 - Medium Severity Vulnerability

Vulnerable Library - node-sass-v4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: a8caab7ed54b055bf8113fb461abdb18f33bb3b3

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

Vulnerability Details

LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp).

Publish Date: 2019-04-23

URL: CVE-2018-20822

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


CVE-2018-20834 (High) detected in tar-2.2.2.tgz

CVE-2018-20834 - High Severity Vulnerability

Vulnerable Library - tar-2.2.2.tgz

tar for node

Library home page: https://registry.npmjs.org/tar/-/tar-2.2.2.tgz

Path to dependency file: /tmp/ws-scm/itscss/package.json

Path to vulnerable library: /tmp/ws-scm/itscss/node_modules/tar/package.json

Dependency Hierarchy:

  • node-sass-4.14.1.tgz (Root Library)
    • node-gyp-3.8.0.tgz
      • tar-2.2.2.tgz (Vulnerable Library)

Found in HEAD commit: e0652fb70ac1f201cc7c609b8a807b68e6df44f2

Vulnerability Details

A vulnerability was found in node-tar before version 4.4.2 (excluding version 2.2.2). An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content. A patch has been applied to node-tar v2.2.2.

Publish Date: 2019-04-30

URL: CVE-2018-20834

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://hackerone.com/reports/344595

Release Date: 2019-04-30

Fix Resolution: tar - 4.4.2


Optimize flexbox usage

Add a better and more comprehensive flexbox mixin.
Explore possible split and introduction of many smaller mixins.

CVE-2020-11022 (Medium) detected in jquery-3.4.0.min.js, jquery-2.1.4.min.js

CVE-2020-11022 - Medium Severity Vulnerability

Vulnerable Libraries - jquery-3.4.0.min.js, jquery-2.1.4.min.js

jquery-3.4.0.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.0/jquery.min.js

Path to dependency file: /tmp/ws-scm/itscss/node_modules/js-base64/test/index.html

Path to vulnerable library: /itscss/node_modules/js-base64/test/index.html

Dependency Hierarchy:

  • jquery-3.4.0.min.js (Vulnerable Library)

jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/itscss/node_modules/js-base64/.attic/test-moment/index.html

Path to vulnerable library: /itscss/node_modules/js-base64/.attic/test-moment/index.html

Dependency Hierarchy:

  • jquery-2.1.4.min.js (Vulnerable Library)

Found in HEAD commit: e794d65dcb78365f28ce12abf82710f1d0c9f061

Vulnerability Details

In jQuery before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11022

CVSS 3 Score Details (5.0)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: N/A
    • Attack Complexity: N/A
    • Privileges Required: N/A
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

Release Date: 2020-04-29

Fix Resolution: jQuery - 3.5.0


CVE-2018-11695 (High) detected in node-sass-v4.11.0

CVE-2018-11695 - High Severity Vulnerability

Vulnerable Library - node-sass-v4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: a8caab7ed54b055bf8113fb461abdb18f33bb3b3

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

Vulnerability Details

An issue was discovered in LibSass through 3.5.2. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-06-04

URL: CVE-2018-11695

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


CVE-2020-7608 (Medium) detected in yargs-parser-5.0.0.tgz

CVE-2020-7608 - Medium Severity Vulnerability

Vulnerable Library - yargs-parser-5.0.0.tgz

the mighty option parser used by yargs

Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-5.0.0.tgz

Path to dependency file: /tmp/ws-scm/itscss/package.json

Path to vulnerable library: /tmp/ws-scm/itscss/node_modules/yargs-parser/package.json

Dependency Hierarchy:

  • node-sass-4.13.1.tgz (Root Library)
    • sass-graph-2.2.4.tgz
      • yargs-7.1.0.tgz
        • yargs-parser-5.0.0.tgz (Vulnerable Library)

Found in HEAD commit: 77529ff8addc114c1e9d31dbc9a76dd4eeef8bc9

Vulnerability Details

yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload.

Publish Date: 2020-03-16

URL: CVE-2020-7608

CVSS 3 Score Details (5.0)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: N/A
    • Attack Complexity: N/A
    • Privileges Required: N/A
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7608

Release Date: 2020-03-16

Fix Resolution: v18.1.1;13.1.2;15.0.1



CVE-2018-19838 (Medium) detected in node-sass-v4.11.0

CVE-2018-19838 - Medium Severity Vulnerability

Vulnerable Library - node-sass-v4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: a8caab7ed54b055bf8113fb461abdb18f33bb3b3

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.


Vulnerability Details

In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy().

Publish Date: 2018-12-04

URL: CVE-2018-19838

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19838

Fix Resolution: 3.5.5



WS-2019-0063 (High) detected in js-yaml-3.13.1.tgz

WS-2019-0063 - High Severity Vulnerability

Vulnerable Library - js-yaml-3.13.1.tgz

YAML 1.2 parser and serializer

Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.13.1.tgz

Path to dependency file: /itscss/package.json

Path to vulnerable library: /tmp/git/itscss/node_modules/js-yaml/package.json

Dependency Hierarchy:

  • postcss-cli-6.1.3.tgz (Root Library)
    • postcss-load-config-2.1.0.tgz
      • cosmiconfig-5.2.1.tgz
        • js-yaml-3.13.1.tgz (Vulnerable Library)

Found in HEAD commit: 0e6db0270b4d2dcd54f6ccdfbebdf9f87a4eb4e4

Vulnerability Details

Versions of js-yaml prior to 3.13.1 are vulnerable to Code Injection. The load() function may execute arbitrary code injected through a malicious YAML file.

Publish Date: 2019-04-30

URL: WS-2019-0063

CVSS 2 Score Details (8.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/813

Release Date: 2019-04-30

Fix Resolution: 3.13.1



WS-2019-0047 (Medium) detected in tar-2.2.1.tgz

WS-2019-0047 - Medium Severity Vulnerability

Vulnerable Library - tar-2.2.1.tgz

tar for node

Library home page: https://registry.npmjs.org/tar/-/tar-2.2.1.tgz

Path to dependency file: /itscss/package.json

Path to vulnerable library: /tmp/git/itscss/node_modules/tar/package.json

Dependency Hierarchy:

  • node-sass-4.12.0.tgz (Root Library)
    • node-gyp-3.8.0.tgz
      • tar-2.2.1.tgz (Vulnerable Library)

Found in HEAD commit: a8caab7ed54b055bf8113fb461abdb18f33bb3b3

Vulnerability Details

Versions of node-tar prior to 4.4.2 are vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink will overwrite the system's file with the contents of the extracted file.

Publish Date: 2019-04-05

URL: WS-2019-0047

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/803

Release Date: 2019-04-05

Fix Resolution: 4.4.2



CVE-2018-11694 (High) detected in node-sass-v4.11.0

CVE-2018-11694 - High Severity Vulnerability

Vulnerable Library - node-sass-v4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: a8caab7ed54b055bf8113fb461abdb18f33bb3b3

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.


Vulnerability Details

An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-06-04

URL: CVE-2018-11694

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


CVE-2021-23362 (Medium) detected in hosted-git-info-2.8.8.tgz

CVE-2021-23362 - Medium Severity Vulnerability

Vulnerable Library - hosted-git-info-2.8.8.tgz

Provides metadata and conversions from repository urls for Github, Bitbucket and Gitlab

Library home page: https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.8.tgz

Path to dependency file: itscss/package.json

Path to vulnerable library: itscss/node_modules/hosted-git-info/package.json

Dependency Hierarchy:

  • node-sass-5.0.0.tgz (Root Library)
    • meow-3.7.0.tgz
      • normalize-package-data-2.5.0.tgz
        • hosted-git-info-2.8.8.tgz (Vulnerable Library)

Found in HEAD commit: 1103700e209878e38526ba90656791fe1d33098c

Found in base branch: master

Vulnerability Details

The package hosted-git-info before 3.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS) via shortcutMatch in fromUrl().

Publish Date: 2021-03-23

URL: CVE-2021-23362

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low


Suggested Fix

Type: Upgrade version

Origin: https://github.com/npm/hosted-git-info/releases/tag/v3.0.8

Release Date: 2021-03-23

Fix Resolution: hosted-git-info - 3.0.8



CVE-2021-23368 (Medium) detected in postcss-7.0.35.tgz

CVE-2021-23368 - Medium Severity Vulnerability

Vulnerable Library - postcss-7.0.35.tgz

Tool for transforming styles with JS plugins

Library home page: https://registry.npmjs.org/postcss/-/postcss-7.0.35.tgz

Path to dependency file: itscss/package.json

Path to vulnerable library: itscss/node_modules/postcss-utilities/node_modules/postcss/package.json,itscss/node_modules/postcss-normalize/node_modules/postcss/package.json,itscss/node_modules/postcss-browser-comments/node_modules/postcss/package.json

Dependency Hierarchy:

  • postcss-utilities-0.8.4.tgz (Root Library)
    • postcss-7.0.35.tgz (Vulnerable Library)

Found in HEAD commit: 3ccbb44a4b1cb4ad4f4d0c862dc07e38f233275d

Found in base branch: master

Vulnerability Details

The package postcss from 7.0.0 and before 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.

Publish Date: 2021-04-12

URL: CVE-2021-23368

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23368

Release Date: 2021-04-12

Fix Resolution: postcss - 8.2.10



WS-2016-0090 (Medium) detected in jquery-2.1.4.min.js

WS-2016-0090 - Medium Severity Vulnerability

Vulnerable Library - jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/itscss/node_modules/js-base64/.attic/test-moment/index.html

Path to vulnerable library: /itscss/node_modules/js-base64/.attic/test-moment/index.html

Dependency Hierarchy:

  • jquery-2.1.4.min.js (Vulnerable Library)

Found in HEAD commit: 9353d06b5c2544e85f133fb43a61c0421c50fa24

Vulnerability Details

jQuery before 2.2.0 is vulnerable to Cross-site Scripting (XSS) attacks via text/javascript response with arbitrary code execution.

Publish Date: 2016-11-27

URL: WS-2016-0090

CVSS 2 Score Details (4.3)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: jquery/jquery@b078a62

Release Date: 2019-04-08

Fix Resolution: 2.2.0



CVE-2018-11693 (High) detected in node-sass-v4.11.0

CVE-2018-11693 - High Severity Vulnerability

Vulnerable Library - node-sass-v4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: a8caab7ed54b055bf8113fb461abdb18f33bb3b3

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

  • /itscss/node_modules/node-sass/src/libsass/src/extend.hpp
  • /itscss/node_modules/node-sass/src/libsass/src/sass_context.hpp
  • /itscss/node_modules/node-sass/src/libsass/src/operators.hpp
  • /itscss/node_modules/node-sass/src/libsass/src/constants.hpp
  • /itscss/node_modules/node-sass/src/libsass/src/sass.hpp
  • /itscss/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
  • /itscss/node_modules/node-sass/src/libsass/src/parser.hpp
  • /itscss/node_modules/node-sass/src/libsass/src/constants.cpp
  • /itscss/node_modules/node-sass/src/sass_types/list.cpp
  • /itscss/node_modules/node-sass/src/libsass/src/cssize.cpp
  • /itscss/node_modules/node-sass/src/libsass/include/sass/functions.h
  • /itscss/node_modules/node-sass/src/libsass/src/util.cpp
  • /itscss/node_modules/node-sass/src/custom_function_bridge.cpp
  • /itscss/node_modules/node-sass/src/custom_importer_bridge.h
  • /itscss/node_modules/node-sass/src/libsass/src/bind.cpp
  • /itscss/node_modules/node-sass/src/libsass/src/inspect.cpp
  • /itscss/node_modules/node-sass/src/libsass/src/sass_functions.cpp
  • /itscss/node_modules/node-sass/src/libsass/src/backtrace.cpp
  • /itscss/node_modules/node-sass/src/libsass/src/extend.cpp
  • /itscss/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
  • /itscss/node_modules/node-sass/src/libsass/src/debugger.hpp
  • /itscss/node_modules/node-sass/src/libsass/src/cencode.c
  • /itscss/node_modules/node-sass/src/libsass/src/base64vlq.cpp
  • /itscss/node_modules/node-sass/src/sass_types/number.cpp
  • /itscss/node_modules/node-sass/src/sass_types/color.h
  • /itscss/node_modules/node-sass/src/libsass/src/c99func.c
  • /itscss/node_modules/node-sass/src/libsass/src/position.cpp
  • /itscss/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
  • /itscss/node_modules/node-sass/src/libsass/src/sass_values.cpp
  • /itscss/node_modules/node-sass/src/libsass/include/sass/values.h
  • /itscss/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
  • /itscss/node_modules/node-sass/src/libsass/src/sass2scss.cpp
  • /itscss/node_modules/node-sass/src/sass_types/null.cpp
  • /itscss/node_modules/node-sass/src/libsass/src/ast.cpp
  • /itscss/node_modules/node-sass/src/libsass/include/sass/context.h
  • /itscss/node_modules/node-sass/src/libsass/src/to_c.cpp
  • /itscss/node_modules/node-sass/src/libsass/src/to_value.hpp
  • /itscss/node_modules/node-sass/src/libsass/src/color_maps.hpp
  • /itscss/node_modules/node-sass/src/sass_context_wrapper.cpp
  • /itscss/node_modules/node-sass/src/libsass/script/test-leaks.pl
  • /itscss/node_modules/node-sass/src/libsass/src/lexer.hpp
  • /itscss/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
  • /itscss/node_modules/node-sass/src/libsass/src/to_c.hpp
  • /itscss/node_modules/node-sass/src/sass_types/map.cpp
  • /itscss/node_modules/node-sass/src/libsass/src/to_value.cpp
  • /itscss/node_modules/node-sass/src/libsass/src/b64/encode.h
  • /itscss/node_modules/node-sass/src/libsass/src/file.hpp
  • /itscss/node_modules/node-sass/src/libsass/src/environment.hpp
  • /itscss/node_modules/node-sass/src/libsass/src/plugins.hpp
  • /itscss/node_modules/node-sass/src/binding.cpp
  • /itscss/node_modules/node-sass/src/libsass/src/sass_context.cpp
  • /itscss/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::skip_over_scopes which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11693

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: High

CVE-2021-23343 (Medium) detected in path-parse-1.0.6.tgz

CVE-2021-23343 - Medium Severity Vulnerability

Vulnerable Library - path-parse-1.0.6.tgz

Node.js path.parse() ponyfill

Library home page: https://registry.npmjs.org/path-parse/-/path-parse-1.0.6.tgz

Path to dependency file: itscss/package.json

Path to vulnerable library: itscss/node_modules/path-parse/package.json

Dependency Hierarchy:

  • node-sass-5.0.0.tgz (Root Library)
    • meow-3.7.0.tgz
      • normalize-package-data-2.5.0.tgz
        • resolve-1.20.0.tgz
          • path-parse-1.0.6.tgz (Vulnerable Library)

Found in HEAD commit: 3ccbb44a4b1cb4ad4f4d0c862dc07e38f233275d

Found in base branch: master

Vulnerability Details

All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.

Publish Date: 2021-05-04

URL: CVE-2021-23343

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low

Extend responsive utilities

The responsive utilities located in styles/utilities folder should be extended to accommodate flex and inline-flex elements.

Something like this:

// Responsive Helpers
// scss-lint:disable ImportantRule

.visible-xs-block,
.visible-xs-inline,
.visible-xs-inline-block,
.visible-xs-inline-flex,
.visible-xs-flex,
.visible-sm-block,
.visible-sm-inline,
.visible-sm-inline-block,
.visible-sm-inline-flex,
.visible-sm-flex,
.visible-md-block,
.visible-md-inline,
.visible-md-inline-block,
.visible-md-inline-flex,
.visible-md-flex,
.visible-lg-block,
.visible-lg-inline,
.visible-lg-inline-block,
.visible-lg-inline-flex,
.visible-lg-flex {
	display: none !important;
}

@include mobile {
	.hidden-xs {
		display: none !important;
	}

	.visible-xs-block {
		display: block !important;
	}

	.visible-xs-inline {
		display: inline !important;
	}

	.visible-xs-inline-block {
		display: inline-block !important;
	}

	.visible-xs-inline-flex {
		display: inline-flex !important;
	}

	.visible-xs-flex {
		display: flex !important;
	}
}

@include tablet-portrait-only {
	.hidden-sm {
		display: none !important;
	}

	.visible-sm-block {
		display: block !important;
	}

	.visible-sm-inline {
		display: inline !important;
	}

	.visible-sm-inline-block {
		display: inline-block !important;
	}

	.visible-sm-inline-flex {
		display: inline-flex !important;
	}

	.visible-sm-flex {
		display: flex !important;
	}
}

@include tablet-landscape-only {
	.hidden-md {
		display: none !important;
	}

	.visible-md-block {
		display: block !important;
	}

	.visible-md-inline {
		display: inline !important;
	}

	.visible-md-inline-block {
		display: inline-block !important;
	}

	.visible-md-inline-flex {
		display: inline-flex !important;
	}

	.visible-md-flex {
		display: flex !important;
	}
}

@include desktop-only {
	.hidden-lg {
		display: none !important;
	}

	.visible-lg-block {
		display: block !important;
	}

	.visible-lg-inline {
		display: inline !important;
	}

	.visible-lg-inline-block {
		display: inline-block !important;
	}

	.visible-lg-inline-flex {
		display: inline-flex !important;
	}

	.visible-lg-flex {
		display: flex !important;
	}
}

CVE-2018-19826 (Medium) detected in node-sass-v4.11.0

CVE-2018-19826 - Medium Severity Vulnerability

Vulnerable Library - node-sass-v4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: a8caab7ed54b055bf8113fb461abdb18f33bb3b3

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

Vulnerability Details

In inspect.cpp in LibSass 3.5.5, a high memory footprint caused by an endless loop (containing a Sass::Inspect::operator()(Sass::String_Quoted*) stack frame) may cause a Denial of Service via crafted sass input files with stray '&' or '/' characters.

Publish Date: 2018-12-03

URL: CVE-2018-19826

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

CVE-2015-9251 (Medium) detected in jquery-2.1.4.min.js

CVE-2015-9251 - Medium Severity Vulnerability

Vulnerable Library - jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/itscss/node_modules/js-base64/.attic/test-moment/index.html

Path to vulnerable library: /itscss/node_modules/js-base64/.attic/test-moment/index.html

Dependency Hierarchy:

  • jquery-2.1.4.min.js (Vulnerable Library)

Found in HEAD commit: 9353d06b5c2544e85f133fb43a61c0421c50fa24

Vulnerability Details

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Publish Date: 2018-01-18

URL: CVE-2015-9251

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251

Release Date: 2018-01-18

Fix Resolution: jQuery - v3.0.0


CVE-2021-23382 (Medium) detected in postcss-7.0.35.tgz

CVE-2021-23382 - Medium Severity Vulnerability

Vulnerable Library - postcss-7.0.35.tgz

Tool for transforming styles with JS plugins

Library home page: https://registry.npmjs.org/postcss/-/postcss-7.0.35.tgz

Path to dependency file: itscss/package.json

Path to vulnerable library: itscss/node_modules/postcss-utilities/node_modules/postcss/package.json,itscss/node_modules/postcss-normalize/node_modules/postcss/package.json,itscss/node_modules/postcss-browser-comments/node_modules/postcss/package.json

Dependency Hierarchy:

  • postcss-utilities-0.8.4.tgz (Root Library)
    • postcss-7.0.35.tgz (Vulnerable Library)

Found in HEAD commit: 3ccbb44a4b1cb4ad4f4d0c862dc07e38f233275d

Found in base branch: master

Vulnerability Details

The package postcss before 8.2.13 is vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \/\*\s* sourceMappingURL=(.*).

Publish Date: 2021-04-26

URL: CVE-2021-23382

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23382

Release Date: 2021-04-26

Fix Resolution: postcss - 8.2.13


CVE-2019-10744 (High) detected in lodash-4.17.11.tgz

CVE-2019-10744 - High Severity Vulnerability

Vulnerable Library - lodash-4.17.11.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz

Path to dependency file: /itscss/package.json

Path to vulnerable library: /tmp/git/itscss/node_modules/lodash/package.json

Dependency Hierarchy:

  • node-sass-4.12.0.tgz (Root Library)
    • lodash-4.17.11.tgz (Vulnerable Library)

Found in HEAD commit: d35572f9b70ee9eb1e54bf1c5bf6644aea789eed

Vulnerability Details

A Prototype Pollution vulnerability was found in lodash through version 4.17.11.

Publish Date: 2019-07-08

URL: CVE-2019-10744

CVSS 2 Score Details (7.4)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: lodash/lodash@a01e4fa

Release Date: 2019-07-08

Fix Resolution: 4.17.12


Action Required: Fix Renovate Configuration

There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.

Error type: undefined. Note: this is a nested preset so please contact the preset author if you are unable to fix it yourself.

WS-2019-0100 (Medium) detected in fstream-1.0.11.tgz

WS-2019-0100 - Medium Severity Vulnerability

Vulnerable Library - fstream-1.0.11.tgz

Advanced file system stream things

Library home page: https://registry.npmjs.org/fstream/-/fstream-1.0.11.tgz

Path to dependency file: /itscss/package.json

Path to vulnerable library: /tmp/git/itscss/node_modules/fstream/package.json

Dependency Hierarchy:

  • node-sass-4.12.0.tgz (Root Library)
    • node-gyp-3.8.0.tgz
      • fstream-1.0.11.tgz (Vulnerable Library)

Found in HEAD commit: ab5fb8311bcce399d695d9308194f8ab445e91f6

Vulnerability Details

Versions of fstream prior to 1.0.12 are vulnerable to Arbitrary File Overwrite.

Publish Date: 2019-05-23

URL: WS-2019-0100

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/886

Release Date: 2019-05-23

Fix Resolution: 1.0.12


Reduced motion MQ

Consider wrapping transitions and animations in a prefers-reduced-motion: no-preference media query, because not all users like things to move.

CVE-2020-11023 (Medium) detected in jquery-2.1.4.min.js

CVE-2020-11023 - Medium Severity Vulnerability

Vulnerable Library - jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/itscss/node_modules/js-base64/.attic/test-moment/index.html

Path to vulnerable library: /itscss/node_modules/js-base64/.attic/test-moment/index.html

Dependency Hierarchy:

  • jquery-2.1.4.min.js (Vulnerable Library)

Found in HEAD commit: 6dbfc098d5801bf06dbd8a60e72f017a1007b6e9

Vulnerability Details

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11023

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023

Release Date: 2020-04-29

Fix Resolution: jquery - 3.5.0


CVE-2019-18797 (Medium) detected in node-sass-v4.11.0

CVE-2019-18797 - Medium Severity Vulnerability

Vulnerable Library - node-sass-v4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 7f73d0c9029dd958f64417b3cc46083a0db3961f

Library Source Files (66)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

Vulnerability Details

LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp.

Publish Date: 2019-11-06

URL: CVE-2019-18797

CVSS 2 Score Details (4.3)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18797

Release Date: 2019-11-06

Fix Resolution: 3.6.3


CVE-2020-7774 (High) detected in y18n-4.0.0.tgz

CVE-2020-7774 - High Severity Vulnerability

Vulnerable Library - y18n-4.0.0.tgz

the bare-bones internationalization library used by yargs

Library home page: https://registry.npmjs.org/y18n/-/y18n-4.0.0.tgz

Path to dependency file: itscss/package.json

Path to vulnerable library: itscss/node_modules/y18n/package.json

Dependency Hierarchy:

  • node-sass-5.0.0.tgz (Root Library)
    • sass-graph-2.2.5.tgz
      • yargs-13.3.2.tgz
        • y18n-4.0.0.tgz (Vulnerable Library)

Found in HEAD commit: 27238a620db909d7902aa9157b633c208d4818fe

Vulnerability Details

This affects the package y18n before 5.0.5. PoC by po6ix: const y18n = require('y18n')(); y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true

Publish Date: 2020-11-17

URL: CVE-2020-7774

CVSS 3 Score Details (7.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: Low


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7774

Release Date: 2020-11-17

Fix Resolution: 5.0.5



CVE-2018-11698 (High) detected in node-sass-v4.11.0

CVE-2018-11698 - High Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: a8caab7ed54b055bf8113fb461abdb18f33bb3b3

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.


Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11698

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: High




CVE-2018-11499 (High) detected in node-sass-v4.11.0

CVE-2018-11499 - High Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: a8caab7ed54b055bf8113fb461abdb18f33bb3b3

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.


Vulnerability Details

A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.

Publish Date: 2018-05-26

URL: CVE-2018-11499

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High




Dependency Dashboard

This issue provides visibility into Renovate updates and their statuses.

This repository currently has no open or pending branches.



CVE-2018-20821 (Medium) detected in node-sass-v4.11.0

CVE-2018-20821 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: a8caab7ed54b055bf8113fb461abdb18f33bb3b3

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.


Vulnerability Details

The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).

Publish Date: 2019-04-23

URL: CVE-2018-20821

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High




CVE-2019-6283 (Medium) detected in node-sass-v4.11.0

CVE-2019-6283 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: a8caab7ed54b055bf8113fb461abdb18f33bb3b3

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

  • /itscss/node_modules/node-sass/src/libsass/src/sass.hpp
  • /itscss/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
  • /itscss/node_modules/node-sass/src/libsass/src/parser.hpp
  • /itscss/node_modules/node-sass/src/libsass/src/constants.cpp
  • /itscss/node_modules/node-sass/src/sass_types/list.cpp
  • /itscss/node_modules/node-sass/src/libsass/src/cssize.cpp
  • /itscss/node_modules/node-sass/src/libsass/include/sass/functions.h
  • /itscss/node_modules/node-sass/src/libsass/src/util.cpp
  • /itscss/node_modules/node-sass/src/custom_function_bridge.cpp
  • /itscss/node_modules/node-sass/src/custom_importer_bridge.h
  • /itscss/node_modules/node-sass/src/libsass/src/bind.cpp
  • /itscss/node_modules/node-sass/src/libsass/src/inspect.cpp
  • /itscss/node_modules/node-sass/src/libsass/src/sass_functions.cpp
  • /itscss/node_modules/node-sass/src/libsass/src/backtrace.cpp
  • /itscss/node_modules/node-sass/src/libsass/src/extend.cpp
  • /itscss/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
  • /itscss/node_modules/node-sass/src/libsass/src/debugger.hpp
  • /itscss/node_modules/node-sass/src/libsass/src/cencode.c
  • /itscss/node_modules/node-sass/src/libsass/src/base64vlq.cpp
  • /itscss/node_modules/node-sass/src/sass_types/number.cpp
  • /itscss/node_modules/node-sass/src/sass_types/color.h
  • /itscss/node_modules/node-sass/src/libsass/src/c99func.c
  • /itscss/node_modules/node-sass/src/libsass/src/position.cpp
  • /itscss/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
  • /itscss/node_modules/node-sass/src/libsass/src/sass_values.cpp
  • /itscss/node_modules/node-sass/src/libsass/include/sass/values.h
  • /itscss/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
  • /itscss/node_modules/node-sass/src/libsass/src/sass2scss.cpp
  • /itscss/node_modules/node-sass/src/sass_types/null.cpp
  • /itscss/node_modules/node-sass/src/libsass/src/ast.cpp
  • /itscss/node_modules/node-sass/src/libsass/include/sass/context.h
  • /itscss/node_modules/node-sass/src/libsass/src/to_c.cpp
  • /itscss/node_modules/node-sass/src/libsass/src/to_value.hpp
  • /itscss/node_modules/node-sass/src/libsass/src/color_maps.hpp
  • /itscss/node_modules/node-sass/src/sass_context_wrapper.cpp
  • /itscss/node_modules/node-sass/src/libsass/script/test-leaks.pl
  • /itscss/node_modules/node-sass/src/libsass/src/lexer.hpp
  • /itscss/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
  • /itscss/node_modules/node-sass/src/libsass/src/to_c.hpp
  • /itscss/node_modules/node-sass/src/sass_types/map.cpp
  • /itscss/node_modules/node-sass/src/libsass/src/to_value.cpp
  • /itscss/node_modules/node-sass/src/libsass/src/b64/encode.h
  • /itscss/node_modules/node-sass/src/libsass/src/file.hpp
  • /itscss/node_modules/node-sass/src/libsass/src/environment.hpp
  • /itscss/node_modules/node-sass/src/libsass/src/plugins.hpp
  • /itscss/node_modules/node-sass/src/binding.cpp
  • /itscss/node_modules/node-sass/src/libsass/src/sass_context.cpp
  • /itscss/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.

Publish Date: 2019-01-14

URL: CVE-2019-6283

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


CVE-2018-11697 (High) detected in node-sass-v4.11.0

CVE-2018-11697 - High Severity Vulnerability

Vulnerable Library - node-sass v4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: a8caab7ed54b055bf8113fb461abdb18f33bb3b3

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.


Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11697

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: High


Modern media queries

Introduce media queries for reduced motion or dark/light mode.

Example:

@media (prefers-reduced-motion: reduce) {
  * {
    animation-duration: 0.01ms !important;
    animation-iteration-count: 1 !important;
    transition-duration: 0.01ms !important;
    scroll-behavior: auto !important;
  }
}

More examples and reference: https://developer.mozilla.org/en-US/docs/Web/CSS/@media

Action required: Greenkeeper could not be activated 🚨

🚨 You need to enable Continuous Integration on all branches of this repository. 🚨

To enable Greenkeeper, you need to make sure that a commit status is reported on all branches. This is required by Greenkeeper because it uses your CI build statuses to figure out when to notify you about breaking changes.

Since we didn’t receive a CI status on the greenkeeper/initial branch, it’s possible that you don’t have CI set up yet. We recommend using Travis CI, but Greenkeeper will work with every other CI service as well.

If you have already set up a CI for this repository, you might need to check how it’s configured. Make sure it is set to run on all new branches. If you don’t want it to run on absolutely every branch, you can whitelist branches starting with greenkeeper/.

Once you have installed and configured CI on this repository correctly, you’ll need to re-trigger Greenkeeper’s initial pull request. To do this, please delete the greenkeeper/initial branch in this repository, and then remove and re-add this repository to the Greenkeeper App’s white list on Github. You'll find this list on your repo or organization’s settings page, under Installed GitHub Apps.

CVE-2019-11358 (Medium) detected in jquery-2.1.4.min.js

CVE-2019-11358 - Medium Severity Vulnerability

Vulnerable Library - jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/itscss/node_modules/js-base64/.attic/test-moment/index.html

Path to vulnerable library: /itscss/node_modules/js-base64/.attic/test-moment/index.html

Dependency Hierarchy:

  • jquery-2.1.4.min.js (Vulnerable Library)

Found in HEAD commit: 9353d06b5c2544e85f133fb43a61c0421c50fa24

Vulnerability Details

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

Publish Date: 2019-04-20

URL: CVE-2019-11358

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Change files

Origin: jquery/jquery@753d591

Release Date: 2019-03-25

Fix Resolution: Replace or update the following files: core.js, core.js


CVE-2021-35065 (Medium) detected in glob-parent-5.1.2.tgz

CVE-2021-35065 - Medium Severity Vulnerability

Vulnerable Library - glob-parent-5.1.2.tgz

Extract the non-magic parent path from a glob string.

Library home page: https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/glob-parent/package.json

Dependency Hierarchy:

  • sass-1.46.0.tgz (Root Library)
    • chokidar-3.5.2.tgz
      • glob-parent-5.1.2.tgz (Vulnerable Library)

Found in HEAD commit: 7c070c912f3b3e42b8a15342a31039a3ea6e2129

Vulnerability Details

The package glob-parent before 6.0.1 is vulnerable to Regular Expression Denial of Service (ReDoS).

Publish Date: 2021-06-22

URL: CVE-2021-35065

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: gulpjs/glob-parent#49

Release Date: 2021-06-22

Fix Resolution: glob-parent - 6.0.1


CVE-2021-33623 (High) detected in trim-newlines-1.0.0.tgz

CVE-2021-33623 - High Severity Vulnerability

Vulnerable Library - trim-newlines-1.0.0.tgz

Trim newlines from the start and/or end of a string

Library home page: https://registry.npmjs.org/trim-newlines/-/trim-newlines-1.0.0.tgz

Path to dependency file: itscss/package.json

Path to vulnerable library: itscss/node_modules/trim-newlines

Dependency Hierarchy:

  • node-sass-6.0.0.tgz (Root Library)
    • meow-3.7.0.tgz
      • trim-newlines-1.0.0.tgz (Vulnerable Library)

Found in HEAD commit: 538d5db5c93893e4a51b25cd8424a6212e8b50f4

Found in base branch: master

Vulnerability Details

The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.

Publish Date: 2021-05-28

URL: CVE-2021-33623

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33623

Release Date: 2021-05-28

Fix Resolution: trim-newlines - 3.0.1, 4.0.1

