Moderate severityNVD Advisory· Published Jan 11, 2021· Updated Aug 4, 2024
CVE-2020-24025
CVE-2020-24025
Description
Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
node-sassnpm | >= 2.0.0, < 7.0.0 | 7.0.0 |
Affected products
2- node-sass/node-sassdescription
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-r8f7-9pfq-mjmvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-24025ghsaADVISORY
- github.com/sass/node-sass/commit/0a21792803639851b480fbd8cbcb5540ef974387ghsaWEB
- github.com/sass/node-sass/issues/3067ghsaWEB
- github.com/sass/node-sass/pull/3149ghsaWEB
- github.com/sass/node-sass/pull/567ghsax_refsource_MISCWEB
- github.com/sass/node-sass/releases/tag/v7.0.0ghsaWEB
News mentions
0No linked articles in our index yet.