RSS   Vulnerabilities for 'Compile-sass'   RSS

2020-02-24
 
CVE-2019-10799

CWE-74
 

 
compile-sass prior to 1.0.5 allows execution of arbritary commands. The function "setupCleanupOnExit(cssPath)" within "dist/index.js" is executed as part of the "rm" command without any sanitization.

 


Copyright 2024, cxsecurity.com

 

Back to Top