CVE-2018-19826

Name of the Vulnerable Software and Affected Versions LibSass version 3.5.5

Description A high memory footprint issue caused by an endless loop may lead to a Denial of Service when processing crafted sass input files containing stray '&' or '/' characters. This issue is considered closed by the upstream as "won't fix" and "works as intended" by design.

Recommendations For LibSass version 3.5.5, consider avoiding the use of stray '&' or '/' characters in sass input files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.