LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp). Reference: https://github.com/sass/libsass/issues/2671
Created libsass tracking bugs for this issue: Affects: fedora-all [bug 1706051]
Created libsass tracking bugs for this issue: Affects: epel-7 [bug 1706052]
First vulnerable commit: https://github.com/sass/libsass/commit/25c9b4952f5838b615da996035453967d0420f57
Statement: This issue did not affect the versions of libsass as shipped with Red Hat Enterprise Linux 8 as the flaw was introduced in a newer version of the library.