1921882 – (CVE-2020-24025) CVE-2020-24025 nodejs-node-sass: Certificate validation is disabled when requesting binaries

Bug 1921882 (CVE-2020-24025) - CVE-2020-24025 nodejs-node-sass: Certificate validation is disabled when requesting binaries

Summary: CVE-2020-24025 nodejs-node-sass: Certificate validation is disabled when req...

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2020-24025
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1923531 1923532 1923533 1923534 1923535
Blocks:	1921890
TreeView+	depends on / blocked

Reported:	2021-01-28 18:48 UTC by Michael Kaplan
Modified:	2023-08-31 08:57 UTC (History)
CC List:	25 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in nodejs-node-sass. Certificate validation is disabled when requesting binaries even if the user is not specifying an alternative download path.
Clone Of:
Environment:
Last Closed:	2021-10-28 08:42:53 UTC
Embargoed:

Attachments	(Terms of Use)

Description Michael Kaplan 2021-01-28 18:48:40 UTC

Certificate validation in node-sass 2.0.0 and later (node-sass>=2.0.0) is disabled when requesting binaries even if the user is not specifying an alternative download path.

Comment 4 Borja Tarraso 2021-02-05 13:39:37 UTC

External References:

https://github.com/sass/node-sass/issues/3067

Note You need to log in before you can comment on or make changes to this bug.

anpicker
bmontgom
dramseur
eparis
erooth
gghezzo
gparvin
jburrell
jhunter
jokerman
jramanat
jweiser
jwendell
kaycoth
kmitts
lcosic
mgala
mjudeiki
nstielau
rcernich
sponnaga
stcannon
surbania
thee
twalsh