Description
The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).
Remediation
References
https://github.com/sass/libsass/issues/2658
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html
Related Vulnerabilities
CVE-2023-24163 Vulnerability in maven package cn.hutool:hutool-all
CVE-2022-45136 Vulnerability in maven package org.apache.jena:jena-sdb
CVE-2023-25813 Vulnerability in npm package sequelize
CVE-2022-25853 Vulnerability in npm package semver-tags
CVE-2022-38749 Vulnerability in maven package org.yaml:snakeyaml