{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77137?format=json","vulnerability_id":"VCID-37ey-9k1e-9yc9","summary":"LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp).","aliases":[{"alias":"CVE-2018-20822"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103533?format=json","purl":"pkg:deb/debian/libsass@3.6.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsass@3.6.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/195972?format=json","purl":"pkg:deb/debian/libsass@3.6.4%2B20201122-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ewmy-1w2e-ffbj"},{"vulnerability":"VCID-hanv-9qy5-a7hs"},{"vulnerability":"VCID-maeh-pvqp-8fc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsass@3.6.4%252B20201122-1"},{"url":"http://public2.vulnerablecode.io/api/packages/103528?format=json","purl":"pkg:deb/debian/libsass@3.6.4%2B20201122-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ewmy-1w2e-ffbj"},{"vulnerability":"VCID-hanv-9qy5-a7hs"},{"vulnerability":"VCID-maeh-pvqp-8fc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsass@3.6.4%252B20201122-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103526?format=json","purl":"pkg:deb/debian/libsass@3.6.5%2B20220909-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ewmy-1w2e-ffbj"},{"vulnerability":"VCID-hanv-9qy5-a7hs"},{"vulnerability":"VCID-maeh-pvqp-8fc5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsass@3.6.5%252B20220909-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103529?format=json","purl":"pkg:deb/debian/libsass@3.6.5%2B20231221-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsass@3.6.5%252B20231221-3%3Fdistro=trixie"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6137?format=json","purl":"pkg:deb/debian/libsass@3.4.3-1~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1s9p-szrn-3qa4"},{"vulnerability":"VCID-2uhg-gxv6-7faw"},{"vulnerability":"VCID-37ey-9k1e-9yc9"},{"vulnerability":"VCID-3cjd-sdms-p3h4"},{"vulnerability":"VCID-85b9-w559-13da"},{"vulnerability":"VCID-a2q2-szpy-b7dg"},{"vulnerability":"VCID-b47v-s7fa-rkgm"},{"vulnerability":"VCID-c4fs-5xdv-qkdg"},{"vulnerability":"VCID-gdtu-4exa-e3b8"},{"vulnerability":"VCID-h9nc-b6z9-1kek"},{"vulnerability":"VCID-j2w7-37y6-wkfv"},{"vulnerability":"VCID-marh-ahfz-d3fz"},{"vulnerability":"VCID-n2rg-xhde-xke5"},{"vulnerability":"VCID-ny64-h82t-9uee"},{"vulnerability":"VCID-pn83-786k-77e7"},{"vulnerability":"VCID-qdyn-5v8d-w3d4"},{"vulnerability":"VCID-ru6c-n2s1-pqfh"},{"vulnerability":"VCID-v1rm-p4y2-8ffw"},{"vulnerability":"VCID-wn5h-3z16-duet"},{"vulnerability":"VCID-xgz1-4yxp-q3de"},{"vulnerability":"VCID-xhrr-ppsg-b7ed"},{"vulnerability":"VCID-xw29-k1mc-wbdr"},{"vulnerability":"VCID-xxwe-rfa1-gkch"},{"vulnerability":"VCID-yqay-ecvs-fqgr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsass@3.4.3-1~bpo8%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/6138?format=json","purl":"pkg:deb/debian/libsass@3.4.3-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1s9p-szrn-3qa4"},{"vulnerability":"VCID-2uhg-gxv6-7faw"},{"vulnerability":"VCID-37ey-9k1e-9yc9"},{"vulnerability":"VCID-3cjd-sdms-p3h4"},{"vulnerability":"VCID-85b9-w559-13da"},{"vulnerability":"VCID-a2q2-szpy-b7dg"},{"vulnerability":"VCID-b47v-s7fa-rkgm"},{"vulnerability":"VCID-c4fs-5xdv-qkdg"},{"vulnerability":"VCID-gdtu-4exa-e3b8"},{"vulnerability":"VCID-h9nc-b6z9-1kek"},{"vulnerability":"VCID-j2w7-37y6-wkfv"},{"vulnerability":"VCID-marh-ahfz-d3fz"},{"vulnerability":"VCID-n2rg-xhde-xke5"},{"vulnerability":"VCID-ny64-h82t-9uee"},{"vulnerability":"VCID-pn83-786k-77e7"},{"vulnerability":"VCID-qdyn-5v8d-w3d4"},{"vulnerability":"VCID-ru6c-n2s1-pqfh"},{"vulnerability":"VCID-v1rm-p4y2-8ffw"},{"vulnerability":"VCID-wn5h-3z16-duet"},{"vulnerability":"VCID-xgz1-4yxp-q3de"},{"vulnerability":"VCID-xhrr-ppsg-b7ed"},{"vulnerability":"VCID-xw29-k1mc-wbdr"},{"vulnerability":"VCID-xxwe-rfa1-gkch"},{"vulnerability":"VCID-yqay-ecvs-fqgr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsass@3.4.3-1"},{"url":"http://public2.vulnerablecode.io/api/packages/6139?format=json","purl":"pkg:deb/debian/libsass@3.5.5-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37ey-9k1e-9yc9"},{"vulnerability":"VCID-c4fs-5xdv-qkdg"},{"vulnerability":"VCID-h9nc-b6z9-1kek"},{"vulnerability":"VCID-marh-ahfz-d3fz"},{"vulnerability":"VCID-n2rg-xhde-xke5"},{"vulnerability":"VCID-qdyn-5v8d-w3d4"},{"vulnerability":"VCID-v1rm-p4y2-8ffw"},{"vulnerability":"VCID-wn5h-3z16-duet"},{"vulnerability":"VCID-xw29-k1mc-wbdr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libsass@3.5.5-4"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20822.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20822.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20822","reference_id":"","reference_type":"","scores":[{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65972","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.66024","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.66035","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.66021","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.66009","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.66027","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20822"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20822","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20822"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1706031","reference_id":"1706031","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1706031"}],"weaknesses":[{"cwe_id":674,"name":"Uncontrolled Recursion","description":"The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack."}],"exploits":[],"severity_range_score":"7.5 - 7.5","exploitability":"0.5","weighted_severity":"6.8","risk_score":3.4,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-37ey-9k1e-9yc9"}