fern-fun / pi.fern.fun Goto Github PK
View Code? Open in Web Editor NEWPage of our server
Home Page: https://pi.fern.fun
License: MIT License
pi.fern.fun's People
Contributors
![mend-bolt-for-github[bot] avatar](https://avatars.githubusercontent.com/in/16809?v=4 "mend-bolt-for-github[bot]")
Stargazers
Watchers
pi.fern.fun's Issues
CVE-2021-33502 (High) detected in normalize-url-1.9.1.tgz, normalize-url-3.3.0.tgz
CVE-2021-33502 - High Severity Vulnerability
Vulnerable Libraries - normalize-url-1.9.1.tgz, normalize-url-3.3.0.tgz
normalize-url-1.9.1.tgz
Normalize a URL
Library home page: https://registry.npmjs.org/normalize-url/-/normalize-url-1.9.1.tgz
Path to dependency file: Fern.fun-Server/package.json
Path to vulnerable library: Fern.fun-Server/node_modules/normalize-url/package.json
Dependency Hierarchy:
- react-scripts-4.0.3.tgz (Root Library)
- mini-css-extract-plugin-0.11.3.tgz
- ❌ normalize-url-1.9.1.tgz (Vulnerable Library)
- mini-css-extract-plugin-0.11.3.tgz
normalize-url-3.3.0.tgz
Normalize a URL
Library home page: https://registry.npmjs.org/normalize-url/-/normalize-url-3.3.0.tgz
Path to dependency file: Fern.fun-Server/package.json
Path to vulnerable library: Fern.fun-Server/node_modules/postcss-normalize-url/node_modules/normalize-url/package.json
Dependency Hierarchy:
- react-scripts-4.0.3.tgz (Root Library)
- optimize-css-assets-webpack-plugin-5.0.4.tgz
- cssnano-4.1.11.tgz
- cssnano-preset-default-4.0.8.tgz
- postcss-normalize-url-4.0.1.tgz
- ❌ normalize-url-3.3.0.tgz (Vulnerable Library)
- postcss-normalize-url-4.0.1.tgz
- cssnano-preset-default-4.0.8.tgz
- cssnano-4.1.11.tgz
- optimize-css-assets-webpack-plugin-5.0.4.tgz
Found in HEAD commit: 18d4317266abf1a1cac799c97681aa7302a5725d
Found in base branch: main
Vulnerability Details
The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs.
Publish Date: 2021-05-24
URL: CVE-2021-33502
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33502
Release Date: 2021-05-24
Fix Resolution: normalize-url - 4.5.1, 5.3.1, 6.0.1
Step up your Open Source Security Game with WhiteSource here
CVE-2021-23364 (Medium) detected in browserslist-4.14.2.tgz
CVE-2021-23364 - Medium Severity Vulnerability
Vulnerable Library - browserslist-4.14.2.tgz
Share target browsers between different front-end tools, like Autoprefixer, Stylelint and babel-env-preset
Library home page: https://registry.npmjs.org/browserslist/-/browserslist-4.14.2.tgz
Path to dependency file: Fern.fun-Server/package.json
Path to vulnerable library: Fern.fun-Server/node_modules/react-dev-utils/node_modules/browserslist/package.json
Dependency Hierarchy:
- react-scripts-4.0.3.tgz (Root Library)
- react-dev-utils-11.0.4.tgz
- ❌ browserslist-4.14.2.tgz (Vulnerable Library)
- react-dev-utils-11.0.4.tgz
Found in HEAD commit: 18d4317266abf1a1cac799c97681aa7302a5725d
Found in base branch: main
Vulnerability Details
The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.
Publish Date: 2021-04-28
URL: CVE-2021-23364
CVSS 3 Score Details (5.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23364
Release Date: 2021-04-28
Fix Resolution: browserslist - 4.16.5
Step up your Open Source Security Game with WhiteSource here
👾Uncaught (in promise) TypeError: Cannot read property 'length' of undefined
PanelChart:10
if (data.length === 0 && label.length === 0) {
loading = true;
} else {
loading = false;
}CVE-2021-3664 (Medium) detected in url-parse-1.5.1.tgz
CVE-2021-3664 - Medium Severity Vulnerability
Vulnerable Library - url-parse-1.5.1.tgz
Small footprint URL parser that works seamlessly across Node.js and browser environments
Library home page: https://registry.npmjs.org/url-parse/-/url-parse-1.5.1.tgz
Path to dependency file: Fern.fun-Server/package.json
Path to vulnerable library: Fern.fun-Server/node_modules/url-parse/package.json
Dependency Hierarchy:
- react-scripts-4.0.3.tgz (Root Library)
- webpack-dev-server-3.11.1.tgz
- sockjs-client-1.5.1.tgz
- ❌ url-parse-1.5.1.tgz (Vulnerable Library)
- sockjs-client-1.5.1.tgz
- webpack-dev-server-3.11.1.tgz
Found in HEAD commit: 18d4317266abf1a1cac799c97681aa7302a5725d
Found in base branch: main
Vulnerability Details
url-parse is vulnerable to URL Redirection to Untrusted Site
Publish Date: 2021-07-26
URL: CVE-2021-3664
CVSS 3 Score Details (5.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3664
Release Date: 2021-07-26
Fix Resolution: url-parse - 1.5.2
Step up your Open Source Security Game with WhiteSource here
CVE-2021-33587 (High) detected in css-what-3.4.2.tgz
CVE-2021-33587 - High Severity Vulnerability
Vulnerable Library - css-what-3.4.2.tgz
a CSS selector parser
Library home page: https://registry.npmjs.org/css-what/-/css-what-3.4.2.tgz
Path to dependency file: Fern.fun-Server/package.json
Path to vulnerable library: Fern.fun-Server/node_modules/css-what/package.json
Dependency Hierarchy:
- react-scripts-4.0.3.tgz (Root Library)
- webpack-5.5.0.tgz
- plugin-svgo-5.5.0.tgz
- svgo-1.3.2.tgz
- css-select-2.1.0.tgz
- ❌ css-what-3.4.2.tgz (Vulnerable Library)
- css-select-2.1.0.tgz
- svgo-1.3.2.tgz
- plugin-svgo-5.5.0.tgz
- webpack-5.5.0.tgz
Found in HEAD commit: 18d4317266abf1a1cac799c97681aa7302a5725d
Found in base branch: main
Vulnerability Details
The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input.
Publish Date: 2021-05-28
URL: CVE-2021-33587
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33587
Release Date: 2021-05-28
Fix Resolution: css-what - 5.0.1
Step up your Open Source Security Game with WhiteSource here
WS-2021-0153 (High) detected in ejs-2.7.4.tgz
WS-2021-0153 - High Severity Vulnerability
Vulnerable Library - ejs-2.7.4.tgz
Embedded JavaScript templates
Library home page: https://registry.npmjs.org/ejs/-/ejs-2.7.4.tgz
Path to dependency file: Fern.fun-Server/package.json
Path to vulnerable library: Fern.fun-Server/node_modules/ejs/package.json
Dependency Hierarchy:
- react-scripts-4.0.3.tgz (Root Library)
- workbox-webpack-plugin-5.1.4.tgz
- workbox-build-5.1.4.tgz
- rollup-plugin-off-main-thread-1.4.2.tgz
- ❌ ejs-2.7.4.tgz (Vulnerable Library)
- rollup-plugin-off-main-thread-1.4.2.tgz
- workbox-build-5.1.4.tgz
- workbox-webpack-plugin-5.1.4.tgz
Found in HEAD commit: 18d4317266abf1a1cac799c97681aa7302a5725d
Found in base branch: main
Vulnerability Details
Arbitrary Code Injection vulnerability was found in ejs before 3.1.6. Caused by filename which isn't sanitized for display.
Publish Date: 2021-01-22
URL: WS-2021-0153
CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: mde/ejs#571
Release Date: 2021-01-22
Fix Resolution: ejs - 3.1.6
Step up your Open Source Security Game with WhiteSource here
CVE-2020-28469 (High) detected in glob-parent-3.1.0.tgz
CVE-2020-28469 - High Severity Vulnerability
Vulnerable Library - glob-parent-3.1.0.tgz
Strips glob magic from a string to provide the parent directory path
Library home page: https://registry.npmjs.org/glob-parent/-/glob-parent-3.1.0.tgz
Path to dependency file: Fern.fun-Server/package.json
Path to vulnerable library: Fern.fun-Server/node_modules/watchpack-chokidar2/node_modules/glob-parent/package.json,Fern.fun-Server/node_modules/webpack-dev-server/node_modules/glob-parent/package.json
Dependency Hierarchy:
- react-scripts-4.0.3.tgz (Root Library)
- webpack-4.44.2.tgz
- watchpack-1.7.5.tgz
- watchpack-chokidar2-2.0.1.tgz
- chokidar-2.1.8.tgz
- ❌ glob-parent-3.1.0.tgz (Vulnerable Library)
- chokidar-2.1.8.tgz
- watchpack-chokidar2-2.0.1.tgz
- watchpack-1.7.5.tgz
- webpack-4.44.2.tgz
Found in HEAD commit: 18d4317266abf1a1cac799c97681aa7302a5725d
Found in base branch: main
Vulnerability Details
This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.
Publish Date: 2021-06-03
URL: CVE-2020-28469
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28469
Release Date: 2021-06-03
Fix Resolution: glob-parent - 5.1.2
Step up your Open Source Security Game with WhiteSource here
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.