Description
Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path.
Remediation
References
https://github.com/sass/node-sass/pull/567#issuecomment-656609236
Related Vulnerabilities
CVE-2018-1273 Vulnerability in maven package org.springframework.data:spring-data-commons
CVE-2018-15494 Vulnerability in npm package dojox
CVE-2019-1353 Vulnerability in npm package nodegit
CVE-2020-2131 Vulnerability in maven package org.jenkins-ci.plugins:harvest
CVE-2018-9207 Vulnerability in npm package jquery-file-upload