Description
Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path.
Remediation
References
https://github.com/sass/node-sass/pull/567#issuecomment-656609236
Related Vulnerabilities
CVE-2016-0762 Vulnerability in maven package org.apache.tomcat:catalina
CVE-2021-23807 Vulnerability in npm package jsonpointer
CVE-2021-29506 Vulnerability in maven package com.graphhopper:graphhopper-nav
CVE-2020-7696 Vulnerability in npm package react-native-fast-image
CVE-2019-10746 Vulnerability in maven package org.webjars.npm:mixin-deep