Description
The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).
Remediation
References
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html
https://github.com/sass/libsass/issues/2658
Related Vulnerabilities
CVE-2020-2164 Vulnerability in maven package org.jenkins-ci.plugins:artifactory
CVE-2022-45690 Vulnerability in maven package cn.hutool:hutool-json
CVE-2022-37423 Vulnerability in maven package org.neo4j.procedure:apoc
CVE-2023-36471 Vulnerability in maven package org.xwiki.commons:xwiki-commons-xml
CVE-2022-40150 Vulnerability in maven package org.codehaus.jettison:jettison