CVE-2019-10799
Published
CVSS v3
8.2
HIGH
CVSS v2
8.5
HIGH
Affected
1
PROJECT
Description
compile-sass prior to 1.0.5 allows execution of arbritary commands. The function "setupCleanupOnExit(cssPath)" within "dist/index.js" is executed as part of the "rm" command without any sanitization.
A module to compile SASS on-the-fly and/or save it to CSS files using dart-sass for Node.js
GitHub