Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path.
References
Link | Resource |
---|---|
https://github.com/sass/node-sass/pull/567#issuecomment-656609236 | Third Party Advisory |
Configurations
Information
Published : 2021-01-11 11:15
Updated : 2021-01-15 05:29
NVD link : CVE-2020-24025
Mitre link : CVE-2020-24025
JSON object : View
CWE
CWE-295
Improper Certificate Validation
Products Affected
sass-lang
- node-sass