Description
The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).
Remediation
References
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html
https://github.com/sass/libsass/issues/2658
Related Vulnerabilities
CVE-2020-28278 Vulnerability in npm package shvl
CVE-2023-34189 Vulnerability in maven package org.apache.inlong:manager-web
CVE-2022-39259 Vulnerability in maven package io.github.skylot:jadx-plugins-api
CVE-2022-46907 Vulnerability in maven package org.apache.jspwiki:jspwiki-war
CVE-2022-4565 Vulnerability in maven package cn.hutool:hutool-core