Description
LibSass before 3.6.3 allows a heap-based buffer over-read in Sass::weaveParents in ast_sel_weave.cpp.
Remediation
References
https://github.com/sass/libsass/issues/2999
Related Vulnerabilities
CVE-2017-5954 Vulnerability in npm package serialize-to-js
CVE-2018-16469 Vulnerability in maven package org.webjars.npm:merge
CVE-2021-21361 Vulnerability in maven package com.bmuschko:gradle-vagrant-plugin
CVE-2014-3577 Vulnerability in maven package org.apache.httpcomponents:httpclient
CVE-2021-39157 Vulnerability in npm package detect-character-encoding