edm115 / school-codes-v2
Everything I code at school (college that time)
License: Other
Path to dependency file: /BUT2/Codes/S3/R3.01/TP3/sport-track-db/express_webapp/package.json
Path to vulnerable library: /BUT2/Codes/S3/R3.01/TP3/sport-track-db/package.json,/BUT2/Codes/S3/R3.01/TP3/sport-track-db/express_webapp/package.json
Found in HEAD commit: b85d529ab67936920b3cba059f835857c987df1d
CVE | Severity | CVSS | Dependency | Type | Fixed in (sqlite3 version) | Remediation Possible** |
---|---|---|---|---|---|---|
CVE-2023-42282 | Critical | 9.8 | ip-2.0.0.tgz | Transitive | N/A* | โ |
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Library home page: https://registry.npmjs.org/ip/-/ip-2.0.0.tgz
Path to dependency file: /BUT2/Codes/S3/R3.01/TP3/sport-track-db/package.json
Path to vulnerable library: /BUT2/Codes/S3/R3.01/TP3/sport-track-db/package.json,/BUT2/Codes/S3/R3.01/TP3/sport-track-db/express_webapp/package.json
Dependency Hierarchy:
Found in HEAD commit: b85d529ab67936920b3cba059f835857c987df1d
Found in base branch: master
The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.
Publish Date: 2024-02-08
URL: CVE-2023-42282
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-78xj-cgh5-2h22
Release Date: 2024-02-08
Fix Resolution: ip - 1.1.9,2.0.1
Step up your Open Source Security Game with Mend here
Path to dependency file: /BUT2/Codes/S3/R3.01/TP3/sport-track-db/express_webapp/package.json
Path to vulnerable library: /BUT2/Codes/S3/R3.01/TP3/sport-track-db/express_webapp/package.json
Found in HEAD commit: b85d529ab67936920b3cba059f835857c987df1d
CVE | Severity | CVSS | Dependency | Type | Fixed in (jade version) | Remediation Possible** |
---|---|---|---|---|---|---|
WS-2019-0217 | Critical | 10.0 | constantinople-3.0.2.tgz | Transitive | N/A* | โ |
WS-2018-0068 | Critical | 9.8 | constantinople-3.0.2.tgz | Transitive | N/A* | โ |
CVE-2015-8857 | Critical | 9.8 | uglify-js-2.2.5.tgz | Transitive | N/A* | โ |
CVE-2015-8858 | High | 7.5 | uglify-js-2.2.5.tgz | Transitive | N/A* | โ |
WS-2019-0017 | Medium | 5.3 | clean-css-3.4.28.tgz | Transitive | N/A* | โ |
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Determine whether a JavaScript expression evaluates to a constant (using UglifyJS)
Library home page: https://registry.npmjs.org/constantinople/-/constantinople-3.0.2.tgz
Path to dependency file: /BUT2/Codes/S3/R3.01/TP3/sport-track-db/express_webapp/package.json
Path to vulnerable library: /BUT2/Codes/S3/R3.01/TP3/sport-track-db/express_webapp/package.json
Dependency Hierarchy:
Found in HEAD commit: b85d529ab67936920b3cba059f835857c987df1d
Found in base branch: master
constantinople before 3.1.1 is affected by a sandbox bypass.
Publish Date: 2018-02-09
URL: WS-2019-0217
Base Score Metrics:
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/568
Release Date: 2018-02-09
Fix Resolution: 3.1.1
Determine whether a JavaScript expression evaluates to a constant (using UglifyJS)
Library home page: https://registry.npmjs.org/constantinople/-/constantinople-3.0.2.tgz
Path to dependency file: /BUT2/Codes/S3/R3.01/TP3/sport-track-db/express_webapp/package.json
Path to vulnerable library: /BUT2/Codes/S3/R3.01/TP3/sport-track-db/express_webapp/package.json
Dependency Hierarchy:
Found in HEAD commit: b85d529ab67936920b3cba059f835857c987df1d
Found in base branch: master
Versions of constantinople prior to 3.1.1 are vulnerable to a sandbox bypass which can lead to arbitrary code execution.
Publish Date: 2018-04-21
URL: WS-2018-0068
Base Score Metrics:
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/568
Release Date: 2018-01-24
Fix Resolution: 3.1.1
JavaScript parser, mangler/compressor and beautifier toolkit
Library home page: https://registry.npmjs.org/uglify-js/-/uglify-js-2.2.5.tgz
Path to dependency file: /BUT2/Codes/S3/R3.01/TP3/sport-track-db/express_webapp/package.json
Path to vulnerable library: /BUT2/Codes/S3/R3.01/TP3/sport-track-db/express_webapp/package.json
Dependency Hierarchy:
Found in HEAD commit: b85d529ab67936920b3cba059f835857c987df1d
Found in base branch: master
The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten Javascript.
Publish Date: 2017-01-23
URL: CVE-2015-8857
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8858
Release Date: 2017-01-23
Fix Resolution: v2.4.24
JavaScript parser, mangler/compressor and beautifier toolkit
Library home page: https://registry.npmjs.org/uglify-js/-/uglify-js-2.2.5.tgz
Path to dependency file: /BUT2/Codes/S3/R3.01/TP3/sport-track-db/express_webapp/package.json
Path to vulnerable library: /BUT2/Codes/S3/R3.01/TP3/sport-track-db/express_webapp/package.json
Dependency Hierarchy:
Found in HEAD commit: b85d529ab67936920b3cba059f835857c987df1d
Found in base branch: master
The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service (CPU consumption) via crafted input in a parse call, aka a "regular expression denial of service (ReDoS)."
Publish Date: 2017-01-23
URL: CVE-2015-8858
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8858
Release Date: 2017-01-23
Fix Resolution: v2.6.0
A well-tested CSS minifier
Library home page: https://registry.npmjs.org/clean-css/-/clean-css-3.4.28.tgz
Path to dependency file: /BUT2/Codes/S3/R3.01/TP3/sport-track-db/express_webapp/package.json
Path to vulnerable library: /BUT2/Codes/S3/R3.01/TP3/sport-track-db/express_webapp/package.json
Dependency Hierarchy:
Found in HEAD commit: b85d529ab67936920b3cba059f835857c987df1d
Found in base branch: master
Versions of clean-css prior to 4.1.11 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to become unresponsive, leading to Denial of Service.
Publish Date: 2018-03-06
URL: WS-2019-0017
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-wxhq-pm8v-cw75
Release Date: 2018-03-06
Fix Resolution: clean-css - 4.1.11
Probably useless, but why not...
General purpose programming language
Library home page: https://api.anaconda.org/download/main/python/3.12.0/linux-aarch64/python-3.12.0-h8edadfe_0.tar.bz2
Path to dependency file: /BUT1/Moodle/S2/R2.08/pythondatascientist/environment.yml
Path to vulnerable library: /home/wss-scanner/miniconda3/pkgs/python-3.12.0-hab00c5b_0_cpython.conda
Found in HEAD commit: b85d529ab67936920b3cba059f835857c987df1d
CVE | Severity | CVSS | Dependency | Type | Fixed in (python version) | Remediation Possible** |
---|---|---|---|---|---|---|
CVE-2023-6597 | High | 7.8 | python-3.12.0-h8edadfe_0.tar.bz2 | Direct | v3.8.19,v3.9.19,v3.11.8,v3.12.1 | โ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
General purpose programming language
Library home page: https://api.anaconda.org/download/main/python/3.12.0/linux-aarch64/python-3.12.0-h8edadfe_0.tar.bz2
Path to dependency file: /BUT1/Moodle/S2/R2.08/pythondatascientist/environment.yml
Path to vulnerable library: /home/wss-scanner/miniconda3/pkgs/python-3.12.0-hab00c5b_0_cpython.conda
Dependency Hierarchy:
Found in HEAD commit: b85d529ab67936920b3cba059f835857c987df1d
Found in base branch: master
An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.
The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users who can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.
Publish Date: 2024-03-19
URL: CVE-2023-6597
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-797f-63wg-8chv
Release Date: 2024-03-19
Fix Resolution: v3.8.19,v3.9.19,v3.11.8,v3.12.1
Path to dependency file: /BUT2/Codes/S3/R3.01/TP3/sport-track-db/package.json
Path to vulnerable library: /BUT2/Codes/S3/R3.01/TP3/sport-track-db/package.json
Found in HEAD commit: b85d529ab67936920b3cba059f835857c987df1d
CVE | Severity | CVSS | Dependency | Type | Fixed in (express-generator version) | Remediation Possible** |
---|---|---|---|---|---|---|
WS-2021-0153 | Critical | 9.8 | ejs-2.6.1.tgz | Transitive | N/A* | โ |
CVE-2022-29078 | Critical | 9.8 | ejs-2.6.1.tgz | Transitive | N/A* | โ |
CVE-2021-44906 | Critical | 9.8 | minimist-0.0.8.tgz | Transitive | N/A* | โ |
CVE-2022-3517 | High | 7.5 | minimatch-3.0.4.tgz | Transitive | N/A* | โ |
CVE-2020-7598 | Medium | 5.6 | minimist-0.0.8.tgz | Transitive | N/A* | โ |
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Embedded JavaScript templates
Library home page: https://registry.npmjs.org/ejs/-/ejs-2.6.1.tgz
Path to dependency file: /BUT2/Codes/S3/R3.01/TP3/sport-track-db/package.json
Path to vulnerable library: /BUT2/Codes/S3/R3.01/TP3/sport-track-db/package.json
Dependency Hierarchy:
Found in HEAD commit: b85d529ab67936920b3cba059f835857c987df1d
Found in base branch: master
An arbitrary code injection vulnerability was found in ejs before 3.1.6, caused by a filename that isn't sanitized for display.
Publish Date: 2021-01-22
URL: WS-2021-0153
Base Score Metrics:
Type: Upgrade version
Release Date: 2021-01-22
Fix Resolution: ejs - 3.1.6
Embedded JavaScript templates
Library home page: https://registry.npmjs.org/ejs/-/ejs-2.6.1.tgz
Path to dependency file: /BUT2/Codes/S3/R3.01/TP3/sport-track-db/package.json
Path to vulnerable library: /BUT2/Codes/S3/R3.01/TP3/sport-track-db/package.json
Dependency Hierarchy:
Found in HEAD commit: b85d529ab67936920b3cba059f835857c987df1d
Found in base branch: master
The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).
Publish Date: 2022-04-25
URL: CVE-2022-29078
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29078~
Release Date: 2022-04-25
Fix Resolution: ejs - v3.1.7
parse argument options
Library home page: https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz
Path to dependency file: /BUT2/Codes/S3/R3.01/TP3/sport-track-db/package.json
Path to vulnerable library: /BUT2/Codes/S3/R3.01/TP3/sport-track-db/package.json
Dependency Hierarchy:
Found in HEAD commit: b85d529ab67936920b3cba059f835857c987df1d
Found in base branch: master
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
Publish Date: 2022-03-17
URL: CVE-2021-44906
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-xvch-5gv4-984h
Release Date: 2022-03-17
Fix Resolution: minimist - 0.2.4,1.2.6
a glob matcher in javascript
Library home page: https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz
Path to dependency file: /BUT2/Codes/S3/R3.01/TP3/sport-track-db/package.json
Path to vulnerable library: /BUT2/Codes/S3/R3.01/TP3/sport-track-db/package.json
Dependency Hierarchy:
Found in HEAD commit: b85d529ab67936920b3cba059f835857c987df1d
Found in base branch: master
A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.
Publish Date: 2022-10-17
URL: CVE-2022-3517
Base Score Metrics:
Type: Upgrade version
Release Date: 2022-10-17
Fix Resolution: minimatch - 3.0.5
parse argument options
Library home page: https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz
Path to dependency file: /BUT2/Codes/S3/R3.01/TP3/sport-track-db/package.json
Path to vulnerable library: /BUT2/Codes/S3/R3.01/TP3/sport-track-db/package.json
Dependency Hierarchy:
Found in HEAD commit: b85d529ab67936920b3cba059f835857c987df1d
Found in base branch: master
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.
Publish Date: 2020-03-11
URL: CVE-2020-7598
Base Score Metrics:
Type: Upgrade version
Release Date: 2020-03-11
Fix Resolution: minimist - 0.2.1,1.2.3
Found in HEAD commit: 68fd2052d0efc0a5cca85867e764d93cc98974bc
CVE | Severity | CVSS | Dependency | Type | Fixed in (express version) | Remediation Possible** |
---|---|---|---|---|---|---|
CVE-2022-24999 | High | 7.5 | qs-6.5.2.tgz | Transitive | 4.17.0 | โ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
A querystring parser that supports nesting and arrays, with a depth limit
Library home page: https://registry.npmjs.org/qs/-/qs-6.5.2.tgz
Dependency Hierarchy:
Found in HEAD commit: 68fd2052d0efc0a5cca85867e764d93cc98974bc
Found in base branch: master
qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[proto]=b&a[proto]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has "deps: qs@6.9.7" in its release description, is not vulnerable).
Publish Date: 2022-11-26
URL: CVE-2022-24999
Base Score Metrics:
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2022-24999
Release Date: 2022-11-26
Fix Resolution (qs): 6.5.3
Direct dependency fix Resolution (express): 4.17.0
Path to dependency file: /BUT2/Moodle/S4/Parcours A/R4.A.13/cs231n.github.io - Convolutional Neural Networks for Visual Recognition - Stanford/Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/addressable-2.7.0.gem
Found in HEAD commit: b85d529ab67936920b3cba059f835857c987df1d
CVE | Severity | CVSS | Dependency | Type | Fixed in (jekyll version) | Remediation Possible** |
---|---|---|---|---|---|---|
CVE-2021-32740 | High | 7.5 | addressable-2.7.0.gem | Transitive | N/A* | โ |
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. It is flexible, offers heuristic parsing, and additionally provides extensive support for IRIs and URI templates.
Library home page: https://rubygems.org/gems/addressable-2.7.0.gem
Path to dependency file: /BUT2/Moodle/S4/Parcours A/R4.A.13/cs231n.github.io - Convolutional Neural Networks for Visual Recognition - Stanford/Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/addressable-2.7.0.gem
Dependency Hierarchy:
Found in HEAD commit: b85d529ab67936920b3cba059f835857c987df1d
Found in base branch: master
Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no previous security advisory for Addressable has cautioned against doing this. Users of the parsing capabilities in Addressable but not the URI template capabilities are unaffected. The vulnerability is patched in version 2.8.0. As a workaround, only create Template objects from trusted sources that have been validated not to produce catastrophic backtracking.
Publish Date: 2021-07-06
URL: CVE-2021-32740
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-jxhc-q857-3j6g
Release Date: 2021-07-06
Fix Resolution: addressable - 2.8.0
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
Warning
Renovate failed to look up the following dependencies: Failed to look up maven package fr.ubs.sporttrack:model.
Files affected: BUT2/Moodle/S4/R4.01/sporttrack-webapp/pom.xml
These are blocked by an existing closed PR and will not be recreated unless you click a checkbox below.
(org.zkoss.zk:zhtml, org.zkoss.zk:zkplus, org.zkoss.zk:zul, org.zkoss.zk:zkbind)
(@vitest/coverage-istanbul, vitest)
(org.zkoss.zk:zhtml, org.zkoss.zk:zkplus, org.zkoss.zk:zul, org.zkoss.zk:zkbind)
BUT2/Moodle/S4/Parcours A/R4.A.13/cs231n.github.io - Convolutional Neural Networks for Visual Recognition - Stanford/Gemfile
jekyll undefined
BUT2/Moodle/S4/R4.02/rhtest/apps/docker-compose-monitoring.yml
grafana/grafana-oss 9.3.2
prom/prometheus v2.41.0
BUT2/Moodle/S4/R4.02/rhtest/apps/docker-compose-rhtest.yml
BUT2/Moodle/S4/R4.02/rhtest/apps/monitoring/noise/Dockerfile
alpine 3.17.1
BUT2/Moodle/S4/R4.02/rhtest/apps/rhapi/Dockerfile
node 18
node 18
node 18
BUT2/Moodle/S4/R4.02/rhtest/apps/rhfront/Dockerfile
.github/workflows/codeql.yml
actions/checkout v4
github/codeql-action v3
github/codeql-action v3
github/codeql-action v3
BUT2/Moodle/S4/R4.02/tdd-workshop/.github/workflows/github-pages.yml
actions/checkout v2
BUT1/Moodle/S1/R1.07/R1.07_TP1.html
require.js 2.3.6
jquery 3.7.1
BUT1/Moodle/S2/R2.08/R2.08_RegLin_SQL.html
require.js 2.3.6
jquery 3.7.1
BUT1/Moodle/S2/R2.08/R2.08_TP1_bis.html
require.js 2.3.6
jquery 3.7.1
BUT1/Moodle/S2/R2.08/R2.08_TP2.html
require.js 2.3.6
jquery 3.7.1
BUT2/Moodle/S4/Parcours A/R4.A.13/cs231n.github.io - Convolutional Neural Networks for Visual Recognition - Stanford/_layouts/default.html
mathjax 2.7.1
BUT2/Moodle/S4/R4.01/sporttrack-webapp/pom.xml
org.zkoss.zk:zkbind 9.6.0.2
org.zkoss.zk:zul 9.6.0.2
org.zkoss.zk:zkplus 9.6.0.2
org.zkoss.zk:zhtml 9.6.0.2
commons-io:commons-io 2.11.0
fr.ubs.sporttrack:model 1.0
org.eclipse.jetty:jetty-maven-plugin 10.0.13
org.apache.maven.plugins:maven-compiler-plugin 3.10.1
org.apache.maven.plugins:maven-war-plugin 3.3.2
org.apache.maven.plugins:maven-assembly-plugin 3.4.2
BUT2/Codes/S3/R3.01/TP3/sport-track-db/express_webapp/package.json
cookie-parser ~1.4.4
debug ~4.3.0
express ~4.19.0
express-session ^1.17.3
http-errors ~2.0.0
jade ~1.11.0
morgan ~1.10.0
multer ^1.4.5-lts.1
sqlite3 ^5.1.6
BUT2/Codes/S3/R3.01/TP3/sport-track-db/package.json
express-generator ^4.16.1
sqlite3 ^5.1.6
BUT2/Moodle/S4/Parcours A/R4.A.10/r4.a.10-main/section/cours/R4A10_Partie_2/plugin/menu/package.json
@babel/core ^7.10.4
@babel/preset-env ^7.10.4
@rollup/plugin-babel ^6.0.0
@rollup/plugin-commonjs ^25.0.0
@rollup/plugin-node-resolve ^15.0.0
babel-plugin-transform-html-import-to-string 2.0.0
core-js ^3.6.5
gulp ^4.0.2
rollup ^3.0.0
@rollup/plugin-terser ^0.4.4
BUT2/Moodle/S4/R4.02/rhtest/apps/rhapi/package.json
cors ^2.8.5
express ^4.19.2
express-promise-router ^4.1.1
prom-client ^15.1.2
@biomejs/biome 1.7.2
@types/cors ^2.8.17
@types/express ^4.17.21
@types/supertest ^6.0.2
@vitest/coverage-istanbul ^1.5.3
nodemon ^3.1.0
supertest ^7.0.0
ts-node ^10.9.1
typescript ^4.9.4
vitest ^1.5.3
BUT2/Moodle/S4/R4.02/rhtest/apps/rhfront/package.json
@picocss/pico ^2.0.6
axios ^1.6.8
vue ^3.4.26
@vitejs/plugin-vue ^5.0.4
vite ^5.2.10
BUT2/Moodle/S4/R4.02/tdd-workshop/demos/tdd-demo/package.json
@types/jest ^29.5.12
@typescript-eslint/eslint-plugin ^7.8.0
@typescript-eslint/parser ^7.8.0
eslint ^8.56.0
jest ^29.7.0
ts-jest ^29.1.2
ts-node ^10.9.2
typescript ^5.4.5
BUT2/Moodle/S4/R4.02/tdd-workshop/demos/tests-ai-assisted/package.json
@typescript-eslint/eslint-plugin ^7.8.0
@typescript-eslint/parser ^7.8.0
@vitest/coverage-istanbul ^1.5.3
eslint ^8.56.0
nodemon ^3.1.0
supertest ^7.0.0
ts-node ^10.9.1
typescript ^4.9.4
vitest ^1.5.3
BUT2/Moodle/S4/R4.02/tdd-workshop/demos/tests-snapshot/package.json
@typescript-eslint/eslint-plugin ^7.8.0
@typescript-eslint/parser ^7.8.0
@vitest/coverage-istanbul ^1.5.3
eslint ^8.56.0
nodemon ^3.1.0
supertest ^7.0.0
ts-node ^10.9.1
typescript ^4.9.4
vitest ^1.5.3
BUT2/Moodle/S4/R4.02/rhtest/.nvmrc
node 18
BUT2/Moodle/S4/R4.02/tdd-workshop/demos/tdd-demo/.nvmrc
node 20
JUnit is a regression testing framework written by Erich Gamma and Kent Beck. It is used by the developer who implements unit tests in Java.
Library home page: http://junit.org
Path to vulnerable library: /BUT1/Codes/R2.03/TPTestJUnit/lib/junit-4.11.jar,/BUT1/Codes/R2.03/TPMoney/lib/junit-4.11.jar,/BUT1/Moodle/S2/R2.03/JUnit/junit-4.11.jar
Found in HEAD commit: 68fd2052d0efc0a5cca85867e764d93cc98974bc
CVE | Severity | CVSS | Dependency | Type | Fixed in (junit version) | Remediation Possible** |
---|---|---|---|---|---|---|
CVE-2020-15250 | Medium | 5.5 | junit-4.11.jar | Direct | 4.13.1 | โ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
JUnit is a regression testing framework written by Erich Gamma and Kent Beck. It is used by the developer who implements unit tests in Java.
Library home page: http://junit.org
Path to vulnerable library: /BUT1/Codes/R2.03/TPTestJUnit/lib/junit-4.11.jar,/BUT1/Codes/R2.03/TPMoney/lib/junit-4.11.jar,/BUT1/Moodle/S2/R2.03/JUnit/junit-4.11.jar
Dependency Hierarchy:
Found in HEAD commit: 68fd2052d0efc0a5cca85867e764d93cc98974bc
Found in base branch: master
In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix-like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. This vulnerability impacts you if the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder, and the JUnit tests execute in an environment where the OS has other untrusted users. Because certain JDK file system APIs were only added in JDK 1.7, this fix is dependent upon the version of the JDK you are using. For Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. For Java 1.6 and lower users: no patch is available, you must use the workaround below. If you are unable to patch, or are stuck running on Java 1.6, specifying the java.io.tmpdir system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. For more information, including an example of vulnerable code, see the referenced GitHub Security Advisory.
Publish Date: 2020-10-12
URL: CVE-2020-15250
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-269g-pwp5-87pp
Release Date: 2020-10-12
Fix Resolution: 4.13.1