CVE-2019-10799

Name of the Vulnerable Software and Affected Versions compile-sass versions prior to 1.0.5

Description The issue allows execution of arbitrary commands. The function setupCleanupOnExit(cssPath) within dist/index.js is executed as part of the rm command without any sanitization.

Recommendations For versions prior to 1.0.5, update to version 1.0.5 or later to resolve the issue. As a temporary workaround, consider disabling the setupCleanupOnExit(cssPath) function until a patch is available. Restrict access to the dist/index.js file to minimize the risk of exploitation. Avoid using the rm command with unsanitized input in the affected versions until the issue is resolved.