sass-extract

Prototype Pollution vulnerability of dependency

Open nemanjacosovic opened this issue 6 years ago • 3 comments

[Screenshot: screen shot 2018-08-10 at 12 39 02 pm]

Aug 10 '18 10:08 nemanjacosovic

Reported to query-ast: https://github.com/salesforce-ux/query-ast/issues/8

Aug 10 '18 10:08 nemanjacosovic

The issue is with scss-parser used in query-ast that is used in sass-extract. There is no GitHub for scss-parser so I've sent an email to NPM security (request 41835).

Aug 10 '18 11:08 nemanjacosovic

I've also sent a message to Salesforce (who are an owner of scss-parser) through the online contact form requesting them to update lodash.

Aug 10 '18 11:08 nemanjacosovic