Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-3jeg-ng2z-1fhk
Vulnerability ID VCID-3jeg-ng2z-1fhk
Aliases CVE-2018-20190
Summary In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file.
Status Published
Exploitability 0.5
Weighted Severity 0.0
Risk None
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2018-20190
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2018-20190
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2018-20190
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2018-20190
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2018-20190
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20190
USN-USN-4837-1 https://usn.ubuntu.com/USN-4837-1/
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.51915
EPSS Score 0.00282
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T20:26:56.607771+00:00 Debian Oval Importer Import https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0