Description
Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path.
Remediation
References
https://github.com/sass/node-sass/pull/567#issuecomment-656609236
Related Vulnerabilities
CVE-2017-7685 Vulnerability in maven package org.apache.openmeetings:openmeetings-web
CVE-2021-25738 Vulnerability in maven package io.kubernetes:client-java-parent
CVE-2017-15693 Vulnerability in maven package org.apache.geode:geode-core
CVE-2020-11022 Vulnerability in maven package org.fujion.webjars:jquery
CVE-2018-1114 Vulnerability in maven package io.undertow:undertow-core