Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Compile-sass Project Subscribe
Filtered by product Compile-sass
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-10799 1 Compile-sass Project 1 Compile-sass 2022-01-01 8.5 HIGH 8.2 HIGH
compile-sass prior to 1.0.5 allows execution of arbritary commands. The function "setupCleanupOnExit(cssPath)" within "dist/index.js" is executed as part of the "rm" command without any sanitization.