CVE-2018-19839 Medium Severity Vulnerability detected by WhiteSource

[mend-bolt-for-github[bot]]

CVE-2018-19839 - Medium Severity Vulnerability

Vulnerable Library - openalprv2.3.0

Automatic License Plate Recognition library

Library home page: https://github.com/openalpr/openalpr.git

Library Source Files (3)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

- /ddf/ui/node_modules/node-sass/src/libsass/src/utf8/core.h - /ddf/ui/node_modules/node-sass/src/libsass/src/utf8/checked.h - /ddf/ui/node_modules/node-sass/src/libsass/src/utf8/unchecked.h

Vulnerability Details

In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file.

Publish Date: 2018-12-04

URL: CVE-2018-19839

CVSS 3 Score Details (6.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19839

Fix Resolution: 3.5.5

---

Step up your Open Source Security Game with WhiteSource here

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs within 7 days. Thank you for your contributions.

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs within 7 days. Thank you for your contributions.