efremropelato / cesium-coreui-react Goto Github PK
View Code? Open in Web Editor NEWDemo template with Cesiumjs, Coreui & Reactjs
License: MIT License
Demo template with Cesiumjs, Coreui & Reactjs
License: MIT License
evaluate statically-analyzable expressions
Library home page: https://registry.npmjs.org/static-eval/-/static-eval-0.2.4.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/package.json
Path to vulnerable library: /tmp/ws-scm/cesium-coreui-react/frontend/node_modules/static-module/node_modules/static-eval/package.json
Dependency Hierarchy:
Found in HEAD commit: 8c766291aacf616f0f787849563a1a20989f6c61
The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the global function constructor, effectively allowing arbitrary code execution.
Publish Date: 2018-06-07
URL: CVE-2017-16226
Base Score Metrics:
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/548
Release Date: 2017-10-18
Fix Resolution: Update to version 2.0.0 or later.
Step up your Open Source Security Game with WhiteSource here
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.12.0.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/package.json
Path to vulnerable library: /cesium-coreui-react/frontend/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 8c766291aacf616f0f787849563a1a20989f6c61
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::skip_over_scopes which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
Publish Date: 2018-06-04
URL: CVE-2018-11693
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11693
Release Date: 2018-06-04
Fix Resolution: LibSass - 3.5.5
Step up your Open Source Security Game with WhiteSource here
Tomorrow's ECMAScript modules today!
Library home page: https://registry.npmjs.org/esm/-/esm-3.0.84.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/package.json
Path to vulnerable library: /tmp/ws-scm/cesium-coreui-react/frontend/node_modules/esm/package.json
Dependency Hierarchy:
Found in HEAD commit: 8c766291aacf616f0f787849563a1a20989f6c61
A Regular Expression Denial of Service vulnerability was discovered in esm before 3.1.0. The issue is that esm's find-indexes is using the unescaped identifiers in a regex, which, in this case, causes an infinite loop.
Publish Date: 2018-12-24
URL: WS-2018-0591
Type: Upgrade version
Origin: standard-things/esm#694
Release Date: 2019-06-16
Fix Resolution: 3.1.0
Step up your Open Source Security Game with WhiteSource here
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.12.0.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/package.json
Path to vulnerable library: /cesium-coreui-react/frontend/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 8c766291aacf616f0f787849563a1a20989f6c61
LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp).
Publish Date: 2019-04-23
URL: CVE-2018-20822
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20822
Release Date: 2019-08-06
Fix Resolution: 3.6.0
Step up your Open Source Security Game with WhiteSource here
Handlebars provides the power necessary to let you build semantic templates effectively with no frustration
Library home page: https://registry.npmjs.org/handlebars/-/handlebars-4.1.2.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/package.json
Path to vulnerable library: /tmp/ws-scm/cesium-coreui-react/frontend/node_modules/handlebars/package.json
Dependency Hierarchy:
Found in HEAD commit: 8c766291aacf616f0f787849563a1a20989f6c61
Arbitrary Code Execution vulnerability found in handlebars before 4.5.2. Lookup helper fails to validate templates. Attack may submit templates that execute arbitrary JavaScript in the system.
Publish Date: 2019-12-05
URL: WS-2019-0331
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1316
Release Date: 2019-12-05
Fix Resolution: handlebars - 4.5.2
Step up your Open Source Security Game with WhiteSource here
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.12.0.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/package.json
Path to vulnerable library: /cesium-coreui-react/frontend/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 8c766291aacf616f0f787849563a1a20989f6c61
LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp.
Publish Date: 2019-11-06
URL: CVE-2019-18797
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18797
Release Date: 2019-11-06
Fix Resolution: 3.6.3
Step up your Open Source Security Game with WhiteSource here
Handlebars provides the power necessary to let you build semantic templates effectively with no frustration
Library home page: https://registry.npmjs.org/handlebars/-/handlebars-4.1.2.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/package.json
Path to vulnerable library: /tmp/ws-scm/cesium-coreui-react/frontend/node_modules/handlebars/package.json
Dependency Hierarchy:
Found in HEAD commit: 8c766291aacf616f0f787849563a1a20989f6c61
Prototype Pollution vulnerability found in handlebars 1.0.6 before 4.5.3. It is possible to add or modify properties to the Object prototype through a malicious template. Attacker may crash the application or execute Arbitrary Code in specific conditions.
Publish Date: 2019-12-05
URL: WS-2019-0333
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1325
Release Date: 2019-12-05
Fix Resolution: handlebars - 4.5.3
Step up your Open Source Security Game with WhiteSource here
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.12.0.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/package.json
Path to vulnerable library: /cesium-coreui-react/frontend/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 8c766291aacf616f0f787849563a1a20989f6c61
In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file.
Publish Date: 2018-12-17
URL: CVE-2018-20190
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20190
Release Date: 2018-12-17
Fix Resolution: 3.6.0
Step up your Open Source Security Game with WhiteSource here
kill trees of processes
Library home page: https://registry.npmjs.org/tree-kill/-/tree-kill-1.2.1.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/package.json
Path to vulnerable library: /tmp/ws-scm/cesium-coreui-react/node_modules/tree-kill/package.json
Dependency Hierarchy:
Found in HEAD commit: 8c766291aacf616f0f787849563a1a20989f6c61
A Command Injection vulnerability found in tree-kill before 1.2.2. The package fails to sanitize values passed to the kill function. If this value is user-controlled it may allow attackers to run arbitrary commands in the server. The issue only affects Windows systems.
Publish Date: 2020-01-15
URL: WS-2020-0005
Type: Upgrade version
Origin: https://hackerone.com/reports/701183
Release Date: 2020-01-15
Fix Resolution: tree-kill - 1.2.2
Step up your Open Source Security Game with WhiteSource here
Get, set, or delete a property from a nested object using a dot path
Library home page: https://registry.npmjs.org/dot-prop/-/dot-prop-4.2.0.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/package.json
Path to vulnerable library: /tmp/ws-scm/cesium-coreui-react/frontend/node_modules/dot-prop/package.json
Dependency Hierarchy:
Found in HEAD commit: 8c766291aacf616f0f787849563a1a20989f6c61
Prototype pollution vulnerability in dot-prop npm package version 5.1.0 and earlier allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.
Publish Date: 2020-02-04
URL: CVE-2020-8116
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8116
Release Date: 2020-02-04
Fix Resolution: dot-prop - 5.1.1
Step up your Open Source Security Game with WhiteSource here
Handlebars provides the power necessary to let you build semantic templates effectively with no frustration
Library home page: https://registry.npmjs.org/handlebars/-/handlebars-4.1.2.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/package.json
Path to vulnerable library: /tmp/ws-scm/cesium-coreui-react/frontend/node_modules/handlebars/package.json
Dependency Hierarchy:
Found in HEAD commit: 8c766291aacf616f0f787849563a1a20989f6c61
Prototype Pollution vulnerability found in handlebars.js before 4.5.3. Attacker may use Remote-Code-Execution exploits.
Publish Date: 2020-01-08
URL: WS-2019-0369
Base Score Metrics:
Type: Upgrade version
Origin: https://github.com/wycats/handlebars.js/blob/master/release-notes.md#v453---november-18th-2019
Release Date: 2020-01-08
Fix Resolution: handlebars - 4.5.3
Step up your Open Source Security Game with WhiteSource here
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.2/jquery.min.js
Path to dependency file: /tmp/archiveExtraction_9bd63957-1183-446b-bed6-ebbc81a77318/20200315073038_27966/ws-scm_depth_0/cesium-coreui-react/frontend/public/Cesium-1.61/node_modules/jmespath/index.html
Path to vulnerable library: _depth_0/cesium-coreui-react/frontend/public/Cesium-1.61/node_modules/jmespath/index.html
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/jquery.min.js
Path to dependency file: /tmp/archiveExtraction_9bd63957-1183-446b-bed6-ebbc81a77318/20200315073038_27966/ws-scm_depth_0/cesium-coreui-react/frontend/public/Cesium-1.61/ThirdParty/codemirror-4.6/mode/slim/index.html
Path to vulnerable library: _depth_0/cesium-coreui-react/frontend/public/Cesium-1.61/ThirdParty/codemirror-4.6/mode/slim/index.html
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/node_modules/js-base64/test/index.html
Path to vulnerable library: /cesium-coreui-react/frontend/node_modules/js-base64/test/index.html,/cesium-coreui-react/frontend/node_modules/flag-icon-css/index.html
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/jquery.js
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/node_modules/tinycolor2/index.html
Path to vulnerable library: /cesium-coreui-react/frontend/node_modules/tinycolor2/demo/jquery-1.9.1.js,/cesium-coreui-react/frontend/node_modules/tinycolor2/test/../demo/jquery-1.9.1.js
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/node_modules/sockjs/examples/express-3.x/index.html
Path to vulnerable library: /cesium-coreui-react/frontend/node_modules/sockjs/examples/express-3.x/index.html,/cesium-coreui-react/frontend/node_modules/sockjs/examples/multiplex/index.html,/cesium-coreui-react/frontend/node_modules/sockjs/examples/express/index.html,/cesium-coreui-react/frontend/node_modules/sockjs/examples/echo/index.html,/cesium-coreui-react/frontend/node_modules/vm-browserify/example/run/index.html,/cesium-coreui-react/frontend/node_modules/sockjs/examples/hapi/html/index.html
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.8.1/jquery.min.js
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/node_modules/redeyed/examples/browser/index.html
Path to vulnerable library: /cesium-coreui-react/frontend/node_modules/redeyed/examples/browser/index.html
Dependency Hierarchy:
Found in HEAD commit: 8c766291aacf616f0f787849563a1a20989f6c61
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Publish Date: 2018-01-18
URL: CVE-2015-9251
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251
Release Date: 2018-01-18
Fix Resolution: jQuery - v3.0.0
Step up your Open Source Security Game with WhiteSource here
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.12.0.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/package.json
Path to vulnerable library: /cesium-coreui-react/frontend/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 8c766291aacf616f0f787849563a1a20989f6c61
In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file.
Publish Date: 2018-12-03
URL: CVE-2018-19797
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19797
Release Date: 2019-09-01
Fix Resolution: LibSass - 3.6.0
Step up your Open Source Security Game with WhiteSource here
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.12.0.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/package.json
Path to vulnerable library: /cesium-coreui-react/frontend/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 8c766291aacf616f0f787849563a1a20989f6c61
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693.
Publish Date: 2019-01-14
URL: CVE-2019-6286
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6286
Release Date: 2019-08-06
Fix Resolution: 3.6.0
Step up your Open Source Security Game with WhiteSource here
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.12.0.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/package.json
Path to vulnerable library: /cesium-coreui-react/frontend/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 8c766291aacf616f0f787849563a1a20989f6c61
An issue was discovered in LibSass through 3.5.2. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
Publish Date: 2018-06-04
URL: CVE-2018-11695
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11695
Release Date: 2018-06-04
Fix Resolution: 3.6.0
Step up your Open Source Security Game with WhiteSource here
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.12.0.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/package.json
Path to vulnerable library: /cesium-coreui-react/frontend/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 8c766291aacf616f0f787849563a1a20989f6c61
In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact.
Publish Date: 2018-12-03
URL: CVE-2018-19827
Base Score Metrics:
Type: Upgrade version
Origin: sass/libsass#2784
Release Date: 2019-08-29
Fix Resolution: LibSass - 3.6.0
Step up your Open Source Security Game with WhiteSource here
Dojo core is a powerful, lightweight library that makes common tasks quicker and easier. Animate elements, manipulate the DOM, and query with easy CSS syntax, all without sacrificing performance.
Library home page: https://registry.npmjs.org/dojo/-/dojo-1.10.4.tgz
Path to dependency file: /tmp/archiveExtraction_793dacc1-7609-4a03-bd97-836062967552/20200315073225_14893/ws-scm_depth_0/cesium-coreui-react/frontend/public/Cesium-1.61/ThirdParty/dojo-release-1.10.4/dijit/package.json
Path to vulnerable library: _depth_0/cesium-coreui-react/frontend/public/Cesium-1.61/ThirdParty/dojo-release-1.10.4/dijit/node_modules/dojo/package.json
Dependency Hierarchy:
Found in HEAD commit: 31de15792f6b2cce1222846d60049e5082b32b6e
Fix potential XSS vulnerability. Since this is in a DOH test that isn't used anymore nor run automatically, the threat is minimal.
Publish Date: 2018-09-26
URL: WS-2018-0168
Type: Change files
Origin: dojo/dojo@9117ffd
Release Date: 2018-08-10
Fix Resolution: Replace or update the following files: i18nExhaustive.js, unit.html, test-instructions.md
Step up your Open Source Security Game with WhiteSource here
Handlebars provides the power necessary to let you build semantic templates effectively with no frustration
Library home page: https://registry.npmjs.org/handlebars/-/handlebars-4.1.2.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/package.json
Path to vulnerable library: /tmp/ws-scm/cesium-coreui-react/frontend/node_modules/handlebars/package.json
Dependency Hierarchy:
Found in HEAD commit: 8c766291aacf616f0f787849563a1a20989f6c61
Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's proto and defineGetter properties, which may allow an attacker to execute arbitrary code through crafted payloads.
Publish Date: 2019-12-20
URL: CVE-2019-19919
Base Score Metrics:
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1164
Release Date: 2019-12-20
Fix Resolution: 4.3.0
Step up your Open Source Security Game with WhiteSource here
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Firefox and Chrome - as well as almost anything else usin
Library home page: https://registry.npmjs.org/dompurify/-/dompurify-1.0.11.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/backend/package.json
Path to vulnerable library: /tmp/ws-scm/cesium-coreui-react/backend/node_modules/dompurify/package.json
Dependency Hierarchy:
Found in HEAD commit: 8c766291aacf616f0f787849563a1a20989f6c61
DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari.
Publish Date: 2019-09-24
URL: CVE-2019-16728
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16728
Release Date: 2019-09-24
Fix Resolution: 2.0.1
Step up your Open Source Security Game with WhiteSource here
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Library home page: https://registry.npmjs.org/swagger-ui/-/swagger-ui-2.2.10.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/backend/package.json
Path to vulnerable library: /tmp/ws-scm/cesium-coreui-react/backend/node_modules/loopback-component-explorer/node_modules/swagger-ui/package.json
Dependency Hierarchy:
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Library home page: https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/2.2.10/swagger-ui.js
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/backend/node_modules/loopback-component-explorer/node_modules/swagger-ui/dist/index.html
Path to vulnerable library: /cesium-coreui-react/backend/node_modules/loopback-component-explorer/node_modules/swagger-ui/dist/swagger-ui.js
Dependency Hierarchy:
Found in HEAD commit: 8c766291aacf616f0f787849563a1a20989f6c61
A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that <style>@import within the JSON data was a functional attack method.
Publish Date: 2019-10-10
URL: CVE-2019-17495
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17495
Release Date: 2019-10-10
Fix Resolution: 3.23.11
Step up your Open Source Security Game with WhiteSource here
the mighty option parser used by yargs
Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-13.1.1.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/package.json
Path to vulnerable library: /tmp/ws-scm/cesium-coreui-react/frontend/node_modules/yargs-parser/package.json
Dependency Hierarchy:
the mighty option parser used by yargs
Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-5.0.0.tgz
Path to dependency file: /tmp/archiveExtraction_9bd63957-1183-446b-bed6-ebbc81a77318/20200315073038_27966/ws-scm_depth_0/cesium-coreui-react/frontend/public/Cesium-1.61/package.json
Path to vulnerable library: /tmp/ws-scm/cesium-coreui-react/frontend/node_modules/sass-graph/node_modules/yargs-parser/package.json,/tmp/ws-scm/cesium-coreui-react/frontend/node_modules/sass-graph/node_modules/yargs-parser/package.json
Dependency Hierarchy:
the mighty option parser used by yargs
Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-11.1.1.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/package.json
Path to vulnerable library: /tmp/ws-scm/cesium-coreui-react/node_modules/yargs-parser/package.json,/tmp/ws-scm/cesium-coreui-react/node_modules/yargs-parser/package.json
Dependency Hierarchy:
Found in HEAD commit: 20577fde3f70c867aeddde46e9305b9c36738f9a
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "proto" payload.
Publish Date: 2020-03-16
URL: CVE-2020-7608
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7608
Release Date: 2020-03-16
Fix Resolution: v18.1.1;13.1.2;15.0.1
Step up your Open Source Security Game with WhiteSource here
ECMAScript parser
Library home page: https://registry.npmjs.org/acorn/-/acorn-6.3.0.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/package.json
Path to vulnerable library: /tmp/ws-scm/cesium-coreui-react/frontend/node_modules/acorn/package.json
Dependency Hierarchy:
ECMAScript parser
Library home page: https://registry.npmjs.org/acorn/-/acorn-5.7.3.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/package.json
Path to vulnerable library: /tmp/ws-scm/cesium-coreui-react/frontend/node_modules/falafel/node_modules/acorn/package.json,/tmp/ws-scm/cesium-coreui-react/frontend/node_modules/falafel/node_modules/acorn/package.json
Dependency Hierarchy:
ECMAScript parser
Library home page: https://registry.npmjs.org/acorn/-/acorn-3.3.0.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/backend/package.json
Path to vulnerable library: /tmp/ws-scm/cesium-coreui-react/backend/node_modules/acorn-jsx/node_modules/acorn/package.json
Dependency Hierarchy:
Found in HEAD commit: 8c766291aacf616f0f787849563a1a20989f6c61
acorn is vulnerable to REGEX DoS. A regex of the form /[x-\ud800]/u causes the parser to enter an infinite loop. attackers may leverage the vulnerability leading to a Denial of Service since the string is not valid UTF16 and it results in it being sanitized before reaching the parser.
Publish Date: 2020-03-08
URL: WS-2020-0042
Base Score Metrics:
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1488
Release Date: 2020-03-08
Fix Resolution: 7.1.1
Step up your Open Source Security Game with WhiteSource here
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Library home page: https://registry.npmjs.org/swagger-ui/-/swagger-ui-2.2.10.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/backend/package.json
Path to vulnerable library: /tmp/ws-scm/cesium-coreui-react/backend/node_modules/loopback-component-explorer/node_modules/swagger-ui/package.json
Dependency Hierarchy:
Found in HEAD commit: 8c766291aacf616f0f787849563a1a20989f6c61
swagger-ui versions before 3.0.13 are vulnerable to XSS when it fails to sanitize YAML files imported from URLs or copied-pasted. This may allow attackers to execute arbitrary JavaScript.
Publish Date: 2019-09-09
URL: WS-2019-0236
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/985
Release Date: 2019-09-09
Fix Resolution: 3.0.13
Step up your Open Source Security Game with WhiteSource here
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Library home page: https://registry.npmjs.org/swagger-ui/-/swagger-ui-2.2.10.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/backend/package.json
Path to vulnerable library: /tmp/ws-scm/cesium-coreui-react/backend/node_modules/loopback-component-explorer/node_modules/swagger-ui/package.json
Dependency Hierarchy:
Found in HEAD commit: 8c766291aacf616f0f787849563a1a20989f6c61
swagger-ui before 3.20.9 fails to sanitize URLs used in the OAuth auth flow, which may allow attackers to execute arbitrary JavaScript. that leads to Cross-Site Scripting
Publish Date: 2019-07-15
URL: WS-2019-0172
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/976
Release Date: 2019-07-15
Fix Resolution: 3.20.9
Step up your Open Source Security Game with WhiteSource here
Get the native type of a value.
Library home page: https://registry.npmjs.org/kind-of/-/kind-of-6.0.2.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/package.json
Path to vulnerable library: /tmp/ws-scm/cesium-coreui-react/frontend/node_modules/sass-loader/node_modules/kind-of/package.json
Dependency Hierarchy:
Found in HEAD commit: 8c766291aacf616f0f787849563a1a20989f6c61
ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.
Publish Date: 2019-12-30
URL: CVE-2019-20149
Base Score Metrics:
Step up your Open Source Security Game with WhiteSource here
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.12.0.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/package.json
Path to vulnerable library: /cesium-coreui-react/frontend/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 8c766291aacf616f0f787849563a1a20989f6c61
In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy().
Publish Date: 2018-12-04
URL: CVE-2018-19838
Base Score Metrics:
Type: Upgrade version
Origin: https://github.com/sass/libsass/blob/3.6.0/src/ast.cpp
Release Date: 2019-07-01
Fix Resolution: 3.6.0
Step up your Open Source Security Game with WhiteSource here
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/jquery.min.js
Path to dependency file: /tmp/archiveExtraction_9bd63957-1183-446b-bed6-ebbc81a77318/20200315073038_27966/ws-scm_depth_0/cesium-coreui-react/frontend/public/Cesium-1.61/ThirdParty/codemirror-4.6/mode/slim/index.html
Path to vulnerable library: _depth_0/cesium-coreui-react/frontend/public/Cesium-1.61/ThirdParty/codemirror-4.6/mode/slim/index.html
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/node_modules/js-base64/test/index.html
Path to vulnerable library: /cesium-coreui-react/frontend/node_modules/js-base64/test/index.html,/cesium-coreui-react/frontend/node_modules/flag-icon-css/index.html
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/jquery.js
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/node_modules/tinycolor2/index.html
Path to vulnerable library: /cesium-coreui-react/frontend/node_modules/tinycolor2/demo/jquery-1.9.1.js,/cesium-coreui-react/frontend/node_modules/tinycolor2/test/../demo/jquery-1.9.1.js
Dependency Hierarchy:
Found in HEAD commit: 8c766291aacf616f0f787849563a1a20989f6c61
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.
Publish Date: 2019-04-20
URL: CVE-2019-11358
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
Release Date: 2019-04-20
Fix Resolution: 3.4.0
Step up your Open Source Security Game with WhiteSource here
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.12.0.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/package.json
Path to vulnerable library: /cesium-coreui-react/frontend/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 8c766291aacf616f0f787849563a1a20989f6c61
A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.
Publish Date: 2018-05-26
URL: CVE-2018-11499
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11499
Release Date: 2018-05-26
Fix Resolution: 3.6.0
Step up your Open Source Security Game with WhiteSource here
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.12.0.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/package.json
Path to vulnerable library: /cesium-coreui-react/frontend/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 8c766291aacf616f0f787849563a1a20989f6c61
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.
Publish Date: 2019-01-14
URL: CVE-2019-6283
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6284
Release Date: 2019-08-06
Fix Resolution: 3.6.0
Step up your Open Source Security Game with WhiteSource here
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.12.0.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/package.json
Path to vulnerable library: /cesium-coreui-react/frontend/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 8c766291aacf616f0f787849563a1a20989f6c61
An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
Publish Date: 2018-06-04
URL: CVE-2018-11694
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11694
Release Date: 2018-06-04
Fix Resolution: 3.6.0
Step up your Open Source Security Game with WhiteSource here
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.12.0.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/package.json
Path to vulnerable library: /cesium-coreui-react/frontend/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 8c766291aacf616f0f787849563a1a20989f6c61
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
Publish Date: 2018-06-04
URL: CVE-2018-11697
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11697
Release Date: 2019-09-01
Fix Resolution: LibSass - 3.6.0
Step up your Open Source Security Game with WhiteSource here
Dojo core is a powerful, lightweight library that makes common tasks quicker and easier. Animate elements, manipulate the DOM, and query with easy CSS syntax, all without sacrificing performance.
Library home page: https://registry.npmjs.org/dojo/-/dojo-1.10.4.tgz
Path to dependency file: /tmp/archiveExtraction_0546c28f-bfaf-4747-89a1-ae8a0cc83236/20200317173413_99289/ws-scm_depth_0/cesium-coreui-react/frontend/public/Cesium-1.61/ThirdParty/dojo-release-1.10.4/dijit/package.json
Path to vulnerable library: _depth_0/cesium-coreui-react/frontend/public/Cesium-1.61/ThirdParty/dojo-release-1.10.4/dojo/package.json
Dependency Hierarchy:
Found in HEAD commit: 1dec322ace2b9da06903c39bdee9f1f4d8b1b198
In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. This has been patched in versions 1.12.8, 1.13.7, 1.14.6, 1.15.3 and 1.16.2
Publish Date: 2020-03-10
URL: CVE-2020-5258
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5258
Release Date: 2020-03-10
Fix Resolution: dojo - 1.11.10,1.12.8,1.13.7,1.14.6,1.15.3,1.16.2
Step up your Open Source Security Game with WhiteSource here
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.12.0.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/package.json
Path to vulnerable library: /cesium-coreui-react/frontend/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 8c766291aacf616f0f787849563a1a20989f6c61
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
Publish Date: 2018-06-04
URL: CVE-2018-11698
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11698
Release Date: 2019-08-06
Fix Resolution: LibSass - 3.6.0
Step up your Open Source Security Game with WhiteSource here
Serialize JavaScript to a superset of JSON that includes regular expressions and functions.
Library home page: https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-1.9.0.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/package.json
Path to vulnerable library: /tmp/ws-scm/cesium-coreui-react/frontend/node_modules/serialize-javascript/package.json
Dependency Hierarchy:
Found in HEAD commit: 8c766291aacf616f0f787849563a1a20989f6c61
The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability.
Publish Date: 2019-12-05
URL: CVE-2019-16769
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16769
Release Date: 2019-12-05
Fix Resolution: v2.1.1
Step up your Open Source Security Game with WhiteSource here
A curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript Library.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.11.0/jquery-ui.min.js
Path to dependency file: /tmp/archiveExtraction_9bd63957-1183-446b-bed6-ebbc81a77318/20200315073038_27966/ws-scm_depth_0/cesium-coreui-react/frontend/public/Cesium-1.61/ThirdParty/codemirror-4.6/mode/slim/index.html
Path to vulnerable library: _depth_0/cesium-coreui-react/frontend/public/Cesium-1.61/ThirdParty/codemirror-4.6/mode/slim/index.html
Dependency Hierarchy:
Found in HEAD commit: 8c766291aacf616f0f787849563a1a20989f6c61
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
Publish Date: 2017-03-15
URL: CVE-2016-7103
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2016-7103
Release Date: 2017-03-15
Fix Resolution: 1.12.0
Step up your Open Source Security Game with WhiteSource here
Sent by Efrem Ropelato ([email protected]). Created by fire.
--
Efrem Ropelato
Senior Architect
[email protected]
mob. +39 342 7634470
Follow me on:
https://www.linkedin.com/in/efremropelato / | Sede di Milano
Via G. Gozzi, 1/A
20129 Milano (MI)
T. +39 02.67815218
---|---
|
[email protected]
www.gruppofilippetti.it
| © Gruppo Filippetti:
Ancona | Bergamo | Bologna | Lecce | Milano | Napoli |
Padova | Palermo | Perugia | Pescara | Roma | Torino
Questo messaggio è confidenziale; il suo contenuto non costituisce impegno da parte di Filippetti o delle altre aziende del gruppo Filippetti salvo accordo scritto tra destinatario e Filippetti S.p.A. o le altre aziende del Gruppo Filippetti, la pubblicazione, l'uso o la diffusione non autorizzati di questo messaggio, sia in forma completa che parziale non sono consentiti. Se non siete i destinatari di questo messaggio, siete pregati di avvertire il mittente immediatamente e di distruggere il messaggio. Grazie.
parse argument options
Library home page: https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/backend/package.json
Path to vulnerable library: /tmp/ws-scm/cesium-coreui-react/frontend/node_modules/quote-stream/node_modules/minimist/package.json,/tmp/ws-scm/cesium-coreui-react/frontend/node_modules/quote-stream/node_modules/minimist/package.json
Dependency Hierarchy:
parse argument options
Library home page: https://registry.npmjs.org/minimist/-/minimist-0.0.5.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/package.json
Path to vulnerable library: /tmp/ws-scm/cesium-coreui-react/frontend/node_modules/sharkdown/node_modules/minimist/package.json
Dependency Hierarchy:
parse argument options
Library home page: https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/package.json
Path to vulnerable library: /tmp/ws-scm/cesium-coreui-react/frontend/node_modules/@mapbox/geojson-rewind/node_modules/minimist/package.json
Dependency Hierarchy:
Found in HEAD commit: ffadebc839d4db516b8e7d59dfcc20775ece52cc
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "proto" payload.
Publish Date: 2020-03-11
URL: CVE-2020-7598
Base Score Metrics:
Type: Upgrade version
Origin: https://github.com/substack/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94
Release Date: 2020-03-11
Fix Resolution: minimist - 0.2.1,1.2.2
Step up your Open Source Security Game with WhiteSource here
Sent by Efrem Ropelato ([email protected]). Created by fire.
Ciao test ultimo poi dormo
--
Efrem Ropelato
Senior Architect
[email protected]
mob. +39 342 7634470
Follow me on:
https://www.linkedin.com/in/efremropelato / | Sede di Milano
Via G. Gozzi, 1/A
20129 Milano (MI)
T. +39 02.67815218
---|---
|
[email protected]
www.gruppofilippetti.it
| © Gruppo Filippetti:
Ancona | Bergamo | Bologna | Lecce | Milano | Napoli |
Padova | Palermo | Perugia | Pescara | Roma | Torino
Questo messaggio è confidenziale; il suo contenuto non costituisce impegno da parte di Filippetti o delle altre aziende del gruppo Filippetti salvo accordo scritto tra destinatario e Filippetti S.p.A. o le altre aziende del Gruppo Filippetti, la pubblicazione, l'uso o la diffusione non autorizzati di questo messaggio, sia in forma completa che parziale non sono consentiti. Se non siete i destinatari di questo messaggio, siete pregati di avvertire il mittente immediatamente e di distruggere il messaggio. Grazie.
Attachments:
Handlebars provides the power necessary to let you build semantic templates effectively with no frustration
Library home page: https://registry.npmjs.org/handlebars/-/handlebars-4.1.2.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/package.json
Path to vulnerable library: /tmp/ws-scm/cesium-coreui-react/frontend/node_modules/handlebars/package.json
Dependency Hierarchy:
Found in HEAD commit: 8c766291aacf616f0f787849563a1a20989f6c61
A Denial of Service vulnerability found in handlebars 4.x before 4.4.5.While processing specially-crafted templates, the parser may be forced into endless loop. Attackers may exhaust system resources.
Publish Date: 2019-12-01
URL: WS-2019-0318
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1300
Release Date: 2019-12-01
Fix Resolution: handlebars - 4.4.5
Step up your Open Source Security Game with WhiteSource here
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.12.0.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/package.json
Path to vulnerable library: /cesium-coreui-react/frontend/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 8c766291aacf616f0f787849563a1a20989f6c61
In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file.
Publish Date: 2018-12-04
URL: CVE-2018-19839
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19839
Fix Resolution: 3.5.5
Step up your Open Source Security Game with WhiteSource here
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.12.0.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/package.json
Path to vulnerable library: /cesium-coreui-react/frontend/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 8c766291aacf616f0f787849563a1a20989f6c61
** DISPUTED ** In inspect.cpp in LibSass 3.5.5, a high memory footprint caused by an endless loop (containing a Sass::Inspect::operator()(Sass::String_Quoted*) stack frame) may cause a Denial of Service via crafted sass input files with stray '&' or '/' characters. NOTE: Upstream comments indicate this issue is closed as "won't fix" and "works as intended" by design.
Publish Date: 2018-12-03
URL: CVE-2018-19826
Base Score Metrics:
Type: Change files
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19826
Release Date: 2019-09-01
Fix Resolution: Replace or update the following file: LibSass - 3.6.0
Step up your Open Source Security Game with WhiteSource here
Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API
Library home page: https://registry.npmjs.org/swagger-ui/-/swagger-ui-2.2.10.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/backend/package.json
Path to vulnerable library: /tmp/ws-scm/cesium-coreui-react/backend/node_modules/loopback-component-explorer/node_modules/swagger-ui/package.json
Dependency Hierarchy:
Found in HEAD commit: 8c766291aacf616f0f787849563a1a20989f6c61
swagger-ui before 3.18.0 has Reverse Tabnapping vulnerability. using target='_blank' in anchor tags, allowing attackers to access window.opener for the original page.
Publish Date: 2019-07-15
URL: WS-2019-0171
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/975
Release Date: 2019-07-15
Fix Resolution: 3.18.0
Step up your Open Source Security Game with WhiteSource here
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.12.0.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/package.json
Path to vulnerable library: /cesium-coreui-react/frontend/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 8c766291aacf616f0f787849563a1a20989f6c61
The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).
Publish Date: 2019-04-23
URL: CVE-2018-20821
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20821
Release Date: 2019-04-23
Fix Resolution: 3.6.0
Step up your Open Source Security Game with WhiteSource here
Get the native type of a value.
Library home page: https://registry.npmjs.org/kind-of/-/kind-of-6.0.2.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/package.json
Path to vulnerable library: /tmp/ws-scm/cesium-coreui-react/frontend/node_modules/sass-loader/node_modules/kind-of/package.json
Dependency Hierarchy:
Found in HEAD commit: 20577fde3f70c867aeddde46e9305b9c36738f9a
Versions of kind-of 6.x prior to 6.0.3 are vulnerable to a Validation Bypass. A maliciously crafted object can alter the result of the type check, allowing attackers to bypass the type checking validation.
Publish Date: 2020-03-18
URL: WS-2019-0381
Base Score Metrics:
Type: Upgrade version
Origin: jonschlinkert/kind-of@975c13a
Release Date: 2020-03-18
Fix Resolution: kind-of - 6.0.3
Step up your Open Source Security Game with WhiteSource here
evaluate statically-analyzable expressions
Library home page: https://registry.npmjs.org/static-eval/-/static-eval-0.2.4.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/package.json
Path to vulnerable library: /tmp/ws-scm/cesium-coreui-react/frontend/node_modules/static-module/node_modules/static-eval/package.json
Dependency Hierarchy:
Found in HEAD commit: 8c766291aacf616f0f787849563a1a20989f6c61
static-eval before 2.0.2 pass untrusted user input directly to the global function constructor. leads to Arbitrary Code Execution
Publish Date: 2019-07-15
URL: WS-2019-0158
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/758
Release Date: 2019-07-15
Fix Resolution: 2.0.2
Step up your Open Source Security Game with WhiteSource here
Handlebars provides the power necessary to let you build semantic templates effectively with no frustration
Library home page: https://registry.npmjs.org/handlebars/-/handlebars-4.1.2.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/package.json
Path to vulnerable library: /tmp/ws-scm/cesium-coreui-react/frontend/node_modules/handlebars/package.json
Dependency Hierarchy:
Found in HEAD commit: 8c766291aacf616f0f787849563a1a20989f6c61
Arbitrary Code Execution vulnerability found in handlebars before 4.5.3. Lookup helper fails to validate templates. Attack may submit templates that execute arbitrary JavaScript in the system.It is due to an incomplete fix for a WS-2019-0331.
Publish Date: 2019-12-05
URL: WS-2019-0332
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1324
Release Date: 2019-12-05
Fix Resolution: handlebars - 4.5.3
Step up your Open Source Security Game with WhiteSource here
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.12.0.tgz
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/package.json
Path to vulnerable library: /cesium-coreui-react/frontend/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 8c766291aacf616f0f787849563a1a20989f6c61
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp.
Publish Date: 2019-01-14
URL: CVE-2019-6284
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6284
Release Date: 2019-08-06
Fix Resolution: 3.6.0
Step up your Open Source Security Game with WhiteSource here
Greetings, fire here!
@efremropelato recently invited @fire-bot to this repository. Before fire is enabled, @efremropelato needs to complete a few steps:
Only @efremropelato will be able to enable fire using the above link. If someone added fire by mistake, feel free to remove @fire-bot from your repo's collaborators.
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.2/jquery.min.js
Path to dependency file: /tmp/archiveExtraction_9bd63957-1183-446b-bed6-ebbc81a77318/20200315073038_27966/ws-scm_depth_0/cesium-coreui-react/frontend/public/Cesium-1.61/node_modules/jmespath/index.html
Path to vulnerable library: _depth_0/cesium-coreui-react/frontend/public/Cesium-1.61/node_modules/jmespath/index.html
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/node_modules/sockjs/examples/express-3.x/index.html
Path to vulnerable library: /cesium-coreui-react/frontend/node_modules/sockjs/examples/express-3.x/index.html,/cesium-coreui-react/frontend/node_modules/sockjs/examples/multiplex/index.html,/cesium-coreui-react/frontend/node_modules/sockjs/examples/express/index.html,/cesium-coreui-react/frontend/node_modules/sockjs/examples/echo/index.html,/cesium-coreui-react/frontend/node_modules/vm-browserify/example/run/index.html,/cesium-coreui-react/frontend/node_modules/sockjs/examples/hapi/html/index.html
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.8.1/jquery.min.js
Path to dependency file: /tmp/ws-scm/cesium-coreui-react/frontend/node_modules/redeyed/examples/browser/index.html
Path to vulnerable library: /cesium-coreui-react/frontend/node_modules/redeyed/examples/browser/index.html
Dependency Hierarchy:
Found in HEAD commit: 8c766291aacf616f0f787849563a1a20989f6c61
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
Publish Date: 2018-01-18
URL: CVE-2012-6708
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2012-6708
Release Date: 2018-01-18
Fix Resolution: jQuery - v1.9.0
Step up your Open Source Security Game with WhiteSource here
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.