VDB

CVE-2020-24025

CVE-2020-24025 PUBLISHED

Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path.

EPSS 0.30% · 54.1th percentile

Risk Scores

EPSS Score
0.30%
54.1th percentile

Affected Products

VendorProductVersions
Ubuntu:25.10node-node-sass0, 9.0.0+git20240131.6081731+dfsg-3
Ubuntu:20.04:LTSnode-node-sass4.12.0-2, 4.13.1-3, 4.13.1-1
Ubuntu:22.04:LTSnode-node-sass*, 0, 7.0.1+git20211229.3bb51da+dfsg-1
Ubuntu:24.04:LTSnode-node-sass*, *, 0

Timeline

  • Apr 30, 2017 PoC Published
  • Jan 11, 2021 CVE Published
  • Jan 15, 2021 CVE Updated
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Jun 28, 2021 PoC Published
  • Aug 24, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›