Description
The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).
Remediation
References
https://github.com/sass/libsass/issues/2658
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html
Related Vulnerabilities
CVE-2020-28472 Vulnerability in maven package org.webjars.npm:aws-sdk
CVE-2021-23337 Vulnerability in maven package org.webjars:lodash
CVE-2021-23397 Vulnerability in npm package @ianwalter/merge
CVE-2021-21290 Vulnerability in maven package io.netty:netty-codec-http
CVE-2015-0250 Vulnerability in maven package org.apache.xmlgraphics:batik-transcoder