CVE-2019-10799: Injection Vulnerability

February 24, 2020 (updated February 28, 2020)

compile-sass allows execution of arbritary commands. The function setupCleanupOnExit(cssPath) within dist/index.js is executed as part of the rm command without any sanitization.

References

nvd.nist.gov/vuln/detail/CVE-2019-10799

Detect and mitigate CVE-2019-10799 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →