CVE-2020-24025
Improper Certificate Validation in npm/node-sass
Identifiers
CVE-2020-24025
Package Slug
npm/node-sass
Vulnerability
Improper Certificate Validation
Description
Certificate validation in node-sass is disabled when requesting binaries even if the user is not specifying an alternative download path.
Affected Versions
All versions starting from 2.0.0 up to 4.14.1
Solution
Upgrade to version 5.0.0 or above.
Last Modified
2021-01-18
| source |