Npm · Node-Sass · CVE-2020-24025
Name of the Vulnerable Software and Affected Versions:
node-sass versions 2.0.0 through 6.0.1
Description:
node-sass disables certificate validation when requesting binaries, even if the user does not specify an alternative download path, so the TLS connection used for the download does not authenticate the server it is talking to. This affects certain versions of eZ Platform, ezsystems/ezplatform, and ezsystems/ezplatform-page-builder. The maintainers resolved the issue by replacing node-sass with sass.
Recommendations:
For node-sass versions 2.0.0 through 6.0.1, consider replacing node-sass with sass 1.32.13 or a later version to resolve the issue.
For eZ Platform v2.5, update to a version that uses sass instead of node-sass.
At the moment, there is no information about other specific fixes for this issue.
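To check whether a project still pulls in a node-sass release from the affected range (2.0.0 through 6.0.1), directly or through another package, the following added example scans a parsed package-lock.json. It is not part of the original advisory or of node-sass; the function names and the sample lockfile are constructed for illustration.

```javascript
// Added example (not from the advisory or node-sass): flag node-sass releases
// in the affected range 2.0.0 through 6.0.1 inside a parsed package-lock.json.
const MIN = [2, 0, 0], MAX = [6, 0, 1];

// A pre-release suffix is ignored, so "2.0.0-beta" is treated as 2.0.0 and
// flagged (deliberately conservative).
function isAffected(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(version));
  if (!m) return false;
  const v = m.slice(1).map(Number);
  const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];
  return cmp(v, MIN) >= 0 && cmp(v, MAX) <= 0;
}

// Walk both lockfile layouts: "packages" (lockfileVersion 2/3, keyed by install
// path) and nested "dependencies" (lockfileVersion 1). Results are keyed by path
// so a version 2 lockfile, which carries both, is not reported twice.
function findAffectedNodeSass(lock) {
  const hits = new Map();
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/node-sass$/.test(path) && isAffected(pkg.version)) {
      hits.set(path, pkg.version);
    }
  }
  const walk = (deps, trail) => {
    for (const [name, pkg] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (name === 'node-sass' && isAffected(pkg.version)) hits.set(path, pkg.version);
      walk(pkg.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return [...hits].map(([path, version]) => ({ path, version }));
}

// Constructed sample lockfile (not taken from any real project).
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    'node_modules/node-sass': { version: '4.14.1' },
    'node_modules/legacy-theme/node_modules/node-sass': { version: '6.0.1' },
    'node_modules/other/node_modules/node-sass': { version: '7.0.0' },
  },
  dependencies: {
    'node-sass': { version: '4.14.1' },
    'legacy-theme': { version: '1.0.0', dependencies: { 'node-sass': { version: '6.0.1' } } },
  },
};
console.log(findAffectedNodeSass(SAMPLE_LOCK));
```

Every path it reports is an install location that still resolves to an affected node-sass release, including copies nested under other packages.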