3.2.3

DATE	CVE	VULNERABILITY TITLE	RISK
2019-11-06	CVE-2019-18799	NULL Pointer Dereference vulnerability in Sass-Lang Libsass LibSass before 3.6.3 allows a NULL pointer dereference in Sass::Parser::parseCompoundSelector in parser_selectors.cpp. network low complexity sass-lang CWE-476	6.5
2019-11-06	CVE-2019-18798	Out-of-bounds Read vulnerability in Sass-Lang Libsass LibSass before 3.6.3 allows a heap-based buffer over-read in Sass::weaveParents in ast_sel_weave.cpp. network low complexity sass-lang CWE-125	6.5
2019-11-06	CVE-2019-18797	Uncontrolled Recursion vulnerability in Sass-Lang Libsass LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp. network low complexity sass-lang CWE-674	6.5
2019-04-23	CVE-2018-20821	Uncontrolled Recursion vulnerability in Sass-Lang Libsass The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp). network low complexity sass-lang CWE-674	6.5
2018-12-04	CVE-2018-19839	Out-of-bounds Read vulnerability in Sass-Lang Libsass In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file. network low complexity sass-lang CWE-125	6.5
2018-12-04	CVE-2018-19838	Resource Exhaustion vulnerability in Sass-Lang Libsass In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy(). network low complexity sass-lang CWE-400	6.5
2018-12-04	CVE-2018-19837	Resource Exhaustion vulnerability in Sass-Lang Libsass In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Expression*) inside eval.cpp allows attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, because of certain incorrect parsing of '%' as a modulo operator in parser.cpp. network low complexity sass-lang CWE-400	6.5
2018-06-04	CVE-2018-11698	Out-of-bounds Read vulnerability in Sass-Lang Libsass An issue was discovered in LibSass through 3.5.4. network low complexity sass-lang CWE-125	8.1
2018-06-04	CVE-2018-11697	Out-of-bounds Read vulnerability in Sass-Lang Libsass An issue was discovered in LibSass through 3.5.4. network low complexity sass-lang CWE-125	8.1
2018-06-04	CVE-2018-11696	NULL Pointer Dereference vulnerability in Sass-Lang Libsass An issue was discovered in LibSass through 3.5.4. network low complexity sass-lang CWE-476	8.8