CVE-2018-20822

Medium

LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and…

mitre·CWE-674·Published 2019-04-23

CVSS

6.5

EPSS

0.02

KEV

Exploits

Vendor statements (3)

lists.opensuse.org
lists.opensuse.org
lists.opensuse.org

cve.orgen

174 chars

LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp).

NVDes

184 chars

LibSass 3.5.4 permite a los atacantes causar una denegación de servicio (recursión incontrolada en Sass::Complex_Selector::perform en ast.hpp y Sass::Inspect::operator en inspect.cpp).

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P
3.1	Primary	NVD	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H