What is the severity of CVE-2020-24025?

CVE-2020-24025 is classified as a medium-severity vulnerability due to the potential for remote attackers to bypass security restrictions.

How do I fix CVE-2020-24025?

To fix CVE-2020-24025, you should upgrade node-sass to a version higher than 4.14.1 where certificate validation is enabled.

Which versions of node-sass are affected by CVE-2020-24025?

CVE-2020-24025 affects node-sass versions from 2.0.0 to 4.14.1.

What products are affected by CVE-2020-24025?

CVE-2020-24025 impacts node-sass as well as IBM products such as Data Virtualization and Watson Query on Cloud Pak for Data up to specific versions.

Can CVE-2020-24025 be exploited remotely?

Yes, CVE-2020-24025 can be exploited by remote attackers who can take advantage of the disabled certificate validation.

Vulnerability/
CVE-2020-24025

medium

5.3

CWE

295

11/1/2021

20/2/2025

CVE-2020-24025

First published: Mon Jan 11 2021(Updated: )

Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Sass-lang Node-sass	>=2.0.0<=4.14.1
IBM Data Virtualization on Cloud Pak for Data	<=3.0
IBM Watson Query with Cloud Pak for Data as a Service	<=2.2
IBM Watson Query with Cloud Pak for Data as a Service	<=2.1
IBM Watson Query with Cloud Pak for Data as a Service	<=2.0
IBM Data Virtualization on Cloud Pak for Data	<=1.8
IBM Data Virtualization on Cloud Pak for Data	<=1.7

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-7183851

Frequently Asked Questions

What is the severity of CVE-2020-24025?
CVE-2020-24025 is classified as a medium-severity vulnerability due to the potential for remote attackers to bypass security restrictions.
How do I fix CVE-2020-24025?
To fix CVE-2020-24025, you should upgrade node-sass to a version higher than 4.14.1 where certificate validation is enabled.
Which versions of node-sass are affected by CVE-2020-24025?
CVE-2020-24025 affects node-sass versions from 2.0.0 to 4.14.1.
What products are affected by CVE-2020-24025?
CVE-2020-24025 impacts node-sass as well as IBM products such as Data Virtualization and Watson Query on Cloud Pak for Data up to specific versions.
Can CVE-2020-24025 be exploited remotely?
Yes, CVE-2020-24025 can be exploited by remote attackers who can take advantage of the disabled certificate validation.

collector/nvd-index
agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/weakness
agent/first-publish-date
agent/author
agent/references
agent/last-modified-date
agent/source
agent/description
agent/event
agent/softwarecombine
agent/tags
collector/ibm-support
source/IBM
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/sass-lang
canonical/sass-lang node-sass
version/sass-lang node-sass/2.0.0
version/sass-lang node-sass/4.14.1
vendor/ibm
canonical/ibm data virtualization on cloud pak for data
version/ibm data virtualization on cloud pak for data/3.0
canonical/ibm watson query with cloud pak for data as a service
version/ibm watson query with cloud pak for data as a service/2.2
version/ibm watson query with cloud pak for data as a service/2.1
version/ibm watson query with cloud pak for data as a service/2.0
version/ibm data virtualization on cloud pak for data/1.8
version/ibm data virtualization on cloud pak for data/1.7

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.