
wfh_resources's People

Contributors

actions-user, allcontributors[bot], arealshadow, cosminpopescu14, ignatandrei, mend-bolt-for-github[bot]


wfh_resources's Issues

WS-2020-0070 (High) detected in lodash-4.17.15.tgz

WS-2020-0070 - High Severity Vulnerability

Vulnerable Library - lodash-4.17.15.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz

Path to dependency file: /tmp/ws-scm/WFH_Resources/WFHResourcesApp/package.json

Path to vulnerable library: /tmp/ws-scm/WFH_Resources/WFHResourcesApp/node_modules/lodash/package.json

Dependency Hierarchy:

  • karma-4.3.0.tgz (Root Library)
    • ❌ lodash-4.17.15.tgz (Vulnerable Library)

Found in HEAD commit: adc52f0f1375b608c1a289e43f3594fef2426365

Vulnerability Details

A prototype pollution vulnerability in lodash. It allows an attacker to inject properties on Object.prototype.

Publish Date: 2020-04-28

URL: WS-2020-0070

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.


Step up your Open Source Security Game with WhiteSource here

CVE-2015-9251 (Medium) detected in jquery-1.4.4.min.js, jquery-1.7.1.min.js

CVE-2015-9251 - Medium Severity Vulnerability

Vulnerable Libraries - jquery-1.4.4.min.js, jquery-1.7.1.min.js

jquery-1.4.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.4.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/WFH_Resources/WFHResourcesApp/node_modules/selenium-webdriver/lib/test/data/droppableItems.html

Path to vulnerable library: /WFH_Resources/WFHResourcesApp/node_modules/selenium-webdriver/lib/test/data/js/jquery-1.4.4.min.js

Dependency Hierarchy:

  • ❌ jquery-1.4.4.min.js (Vulnerable Library)

jquery-1.7.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js

Path to dependency file: /tmp/ws-scm/WFH_Resources/WFHResourcesApp/node_modules/sockjs/examples/echo/index.html

Path to vulnerable library: /WFH_Resources/WFHResourcesApp/node_modules/sockjs/examples/echo/index.html

Dependency Hierarchy:

  • ❌ jquery-1.7.1.min.js (Vulnerable Library)

Found in HEAD commit: 43fcb8ccf2f1ad1e147ad25c5b3ef4c69fe6d943

Vulnerability Details

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Publish Date: 2018-01-18

URL: CVE-2015-9251

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251

Release Date: 2018-01-18

Fix Resolution: jQuery - v3.0.0



Weekly Digest (12 July, 2020 - 19 July, 2020)

Here's the Weekly Digest for ignatandrei/WFH_Resources:


ISSUES

Last week 3 issues were created.
Of these, 0 issues have been closed and 3 issues are still open.

OPEN ISSUES

💚 #40 CVE-2020-15366 (Medium) detected in ajv-6.12.0.tgz, ajv-6.10.2.tgz, by whitesource-bolt-for-github[bot]
💚 #39 WS-2020-0127 (Low) detected in npm-registry-fetch-4.0.3.tgz, by whitesource-bolt-for-github[bot]
💚 #38 CVE-2020-7693 (Medium) detected in sockjs-0.3.19.tgz, by whitesource-bolt-for-github[bot]


PULL REQUESTS

Last week, no pull requests were created, updated or merged.


COMMITS

Last week there were 13 commits.
🛠️ generate html by actions-user
🛠️ adding new data by actions-user
🛠️ generate html by actions-user
🛠️ adding new data by actions-user
🛠️ generate html by actions-user
🛠️ adding new data by actions-user
🛠️ generate html by actions-user
🛠️ adding new data by actions-user
🛠️ generate html by actions-user
🛠️ adding new data by actions-user
🛠️ generate html by actions-user
🛠️ generate html by actions-user
🛠️ adding new data by actions-user


CONTRIBUTORS

Last week there was 1 contributor.
👤 actions-user


STARGAZERS

Last week there were no stargazers.


RELEASES

Last week there were no releases.


That's all for last week, please 👀 Watch and ⭐ Star the repository ignatandrei/WFH_Resources to receive next weekly updates. 😃

You can also view all Weekly Digests by clicking here.

Your Weekly Digest bot. 📆

CVE-2020-13822 (High) detected in elliptic-6.5.2.tgz - autoclosed

CVE-2020-13822 - High Severity Vulnerability

Vulnerable Library - elliptic-6.5.2.tgz

EC cryptography

Library home page: https://registry.npmjs.org/elliptic/-/elliptic-6.5.2.tgz

Path to dependency file: /WFHResourcesApp/package.json

Path to vulnerable library: /WFHResourcesApp/node_modules/elliptic/package.json

Dependency Hierarchy:

  • build-angular-0.900.6.tgz (Root Library)
    • webpack-4.41.2.tgz
      • node-libs-browser-2.2.1.tgz
        • crypto-browserify-3.12.0.tgz
          • browserify-sign-4.0.4.tgz
            • ❌ elliptic-6.5.2.tgz (Vulnerable Library)

Found in HEAD commit: 0137e543898a95b512f5a96baeb53c9f181f9f84

Found in base branch: master

Vulnerability Details

The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature.

Publish Date: 2020-06-04

URL: CVE-2020-13822

CVSS 3 Score Details (7.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: Low


Suggested Fix

Type: Upgrade version

Release Date: 2020-07-02

Fix Resolution (elliptic): 6.5.3

Direct dependency fix Resolution (@angular-devkit/build-angular): 0.900.7


Step up your Open Source Security Game with Mend here

CVE-2020-8203 (High) detected in lodash-4.17.15.tgz

CVE-2020-8203 - High Severity Vulnerability

Vulnerable Library - lodash-4.17.15.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz

Dependency Hierarchy:

  • localize-9.0.7.tgz (Root Library)
    • core-7.8.3.tgz
      • ❌ lodash-4.17.15.tgz (Vulnerable Library)

Found in HEAD commit: 4a6217f1550cb60230f5541aa1963caaeb3cf603

Found in base branch: master

Vulnerability Details

Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.

Publish Date: 2020-07-15

URL: CVE-2020-8203

CVSS 3 Score Details (7.4)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/1523

Release Date: 2020-07-15

Fix Resolution (lodash): 4.17.19

Direct dependency fix Resolution (@angular/localize): 9.1.0



WS-2020-0097 (High) detected in papaparse-5.1.1.tgz

WS-2020-0097 - High Severity Vulnerability

Vulnerable Library - papaparse-5.1.1.tgz

Fast and powerful CSV parser for the browser that supports web workers and streaming large files. Converts CSV to JSON and JSON to CSV.

Library home page: https://registry.npmjs.org/papaparse/-/papaparse-5.1.1.tgz

Path to dependency file: /makeData/package.json

Path to vulnerable library: /makeData/node_modules/papaparse/package.json

Dependency Hierarchy:

  • ❌ papaparse-5.1.1.tgz (Vulnerable Library)

Found in HEAD commit: 10db1e5b1547ae8e8931a71b3e558e5e67785116

Found in base branch: master

Vulnerability Details

papaparse before 5.2.0 is vulnerable to Regular Expression Denial of Service (ReDoS). The parse function contains a malformed regular expression that takes exponentially longer to process non-numerical inputs. This allows attackers to stall systems, leading to Denial of Service.

Publish Date: 2020-05-19

URL: WS-2020-0097

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/1515

Release Date: 2020-05-19

Fix Resolution: 5.2.0



CVE-2020-7788 (High) detected in ini-1.3.5.tgz - autoclosed

CVE-2020-7788 - High Severity Vulnerability

Vulnerable Library - ini-1.3.5.tgz

An ini encoder/decoder for node

Library home page: https://registry.npmjs.org/ini/-/ini-1.3.5.tgz

Path to dependency file: /WFHResourcesApp/package.json

Path to vulnerable library: /WFHResourcesApp/node_modules/ini/package.json

Dependency Hierarchy:

  • cli-9.0.6.tgz (Root Library)
    • ❌ ini-1.3.5.tgz (Vulnerable Library)

Found in HEAD commit: f6363f6c8e44bff410d332ba95ffbb48de6ac566

Found in base branch: master

Vulnerability Details

This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context.

Publish Date: 2020-12-11

URL: CVE-2020-7788

CVSS 3 Score Details (7.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: Low


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7788

Release Date: 2020-12-11

Fix Resolution (ini): 1.3.6

Direct dependency fix Resolution (@angular/cli): 9.1.13



Weekly Digest (19 July, 2020 - 26 July, 2020)

Here's the Weekly Digest for ignatandrei/WFH_Resources:


ISSUES

Last week 2 issues were created.
Of these, 0 issues have been closed and 2 issues are still open.

OPEN ISSUES

💚 #43 CVE-2020-8203 (High) detected in lodash-4.17.15.tgz, by whitesource-bolt-for-github[bot]
💚 #42 Bump lodash from 4.17.15 to 4.17.19 in /WFHResourcesApp, by dependabot[bot]

NOISY ISSUE

🔈 #42 Bump lodash from 4.17.15 to 4.17.19 in /WFHResourcesApp, by dependabot[bot]
It received 1 comments.


PULL REQUESTS

Last week, 1 pull request was created, updated or merged.

UPDATED PULL REQUEST

Last week, 1 pull request was updated.
💛 #42 Bump lodash from 4.17.15 to 4.17.19 in /WFHResourcesApp, by dependabot[bot]


COMMITS

Last week there were 14 commits.
🛠️ generate html by actions-user
🛠️ adding new data by actions-user
🛠️ generate html by actions-user
🛠️ adding new data by actions-user
🛠️ generate html by actions-user
🛠️ adding new data by actions-user
🛠️ generate html by actions-user
🛠️ adding new data by actions-user
🛠️ generate html by actions-user
🛠️ adding new data by actions-user
🛠️ generate html by actions-user
🛠️ adding new data by actions-user
🛠️ generate html by actions-user
🛠️ adding new data by actions-user


CONTRIBUTORS

Last week there was 1 contributor.
👤 actions-user


STARGAZERS

Last week there were no stargazers.


RELEASES

Last week there were no releases.


That's all for last week, please 👀 Watch and ⭐ Star the repository ignatandrei/WFH_Resources to receive next weekly updates. 😃

You can also view all Weekly Digests by clicking here.

Your Weekly Digest bot. 📆

CVE-2012-6708 (Medium) detected in jquery-1.4.4.min.js, jquery-1.7.1.min.js

CVE-2012-6708 - Medium Severity Vulnerability

Vulnerable Libraries - jquery-1.4.4.min.js, jquery-1.7.1.min.js

jquery-1.4.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.4.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/WFH_Resources/WFHResourcesApp/node_modules/selenium-webdriver/lib/test/data/droppableItems.html

Path to vulnerable library: /WFH_Resources/WFHResourcesApp/node_modules/selenium-webdriver/lib/test/data/js/jquery-1.4.4.min.js

Dependency Hierarchy:

  • ❌ jquery-1.4.4.min.js (Vulnerable Library)

jquery-1.7.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js

Path to dependency file: /tmp/ws-scm/WFH_Resources/WFHResourcesApp/node_modules/sockjs/examples/echo/index.html

Path to vulnerable library: /WFH_Resources/WFHResourcesApp/node_modules/sockjs/examples/echo/index.html

Dependency Hierarchy:

  • ❌ jquery-1.7.1.min.js (Vulnerable Library)

Found in HEAD commit: 43fcb8ccf2f1ad1e147ad25c5b3ef4c69fe6d943

Vulnerability Details

jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.

Publish Date: 2018-01-18

URL: CVE-2012-6708

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2012-6708

Release Date: 2018-01-18

Fix Resolution: jQuery - v1.9.0



WS-2020-0091 (High) detected in http-proxy-1.18.0.tgz - autoclosed

WS-2020-0091 - High Severity Vulnerability

Vulnerable Library - http-proxy-1.18.0.tgz

HTTP proxying for the masses

Library home page: https://registry.npmjs.org/http-proxy/-/http-proxy-1.18.0.tgz

Path to dependency file: /WFHResourcesApp/package.json

Path to vulnerable library: /WFHResourcesApp/node_modules/http-proxy/package.json

Dependency Hierarchy:

  • karma-4.3.0.tgz (Root Library)
    • ❌ http-proxy-1.18.0.tgz (Vulnerable Library)

Found in HEAD commit: 63c21ba7615eaf2f65fc799a7d1fe51cdda984d9

Found in base branch: master

Vulnerability Details

Versions of http-proxy prior to 1.18.1 are vulnerable to Denial of Service. An HTTP request with a long body triggers an ERR_HTTP_HEADERS_SENT unhandled exception that crashes the proxy server. This is only possible when the proxy server sets headers in the proxy request using the proxyReq.setHeader function.

Publish Date: 2020-05-14

URL: WS-2020-0091

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/1486

Release Date: 2020-05-14

Fix Resolution (http-proxy): 1.18.1

Direct dependency fix Resolution (karma): 4.4.0



Weekly Digest (2 August, 2020 - 9 August, 2020)

Here's the Weekly Digest for ignatandrei/WFH_Resources:


ISSUES

Last week, no issues were created.


PULL REQUESTS

Last week, no pull requests were created, updated or merged.


COMMITS

Last week there were 14 commits.
🛠️ generate html by actions-user
🛠️ adding new data by actions-user
🛠️ generate html by actions-user
🛠️ adding new data by actions-user
🛠️ generate html by actions-user
🛠️ adding new data by actions-user
🛠️ generate html by actions-user
🛠️ adding new data by actions-user
🛠️ generate html by actions-user
🛠️ adding new data by actions-user
🛠️ generate html by actions-user
🛠️ adding new data by actions-user
🛠️ generate html by actions-user
🛠️ adding new data by actions-user


CONTRIBUTORS

Last week there was 1 contributor.
👤 actions-user


STARGAZERS

Last week there were no stargazers.


RELEASES

Last week there were no releases.


That's all for last week, please 👀 Watch and ⭐ Star the repository ignatandrei/WFH_Resources to receive next weekly updates. 😃

You can also view all Weekly Digests by clicking here.

Your Weekly Digest bot. 📆

WS-2020-0068 (Medium) detected in yargs-parser-13.1.2.tgz, yargs-parser-11.1.1.tgz

WS-2020-0068 - Medium Severity Vulnerability

Vulnerable Libraries - yargs-parser-13.1.2.tgz, yargs-parser-11.1.1.tgz

yargs-parser-13.1.2.tgz

the mighty option parser used by yargs

Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-13.1.2.tgz

Path to dependency file: /tmp/ws-scm/WFH_Resources/WFHResourcesApp/package.json

Path to vulnerable library: /tmp/ws-scm/WFH_Resources/WFHResourcesApp/node_modules/@angular/localize/node_modules/yargs-parser/package.json

Dependency Hierarchy:

  • compiler-cli-9.0.6.tgz (Root Library)
    • yargs-13.1.0.tgz
      • ❌ yargs-parser-13.1.2.tgz (Vulnerable Library)

yargs-parser-11.1.1.tgz

the mighty option parser used by yargs

Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-11.1.1.tgz

Path to dependency file: /tmp/ws-scm/WFH_Resources/WFHResourcesApp/package.json

Path to vulnerable library: /tmp/ws-scm/WFH_Resources/WFHResourcesApp/node_modules/yargs-parser/package.json

Dependency Hierarchy:

  • build-angular-0.900.6.tgz (Root Library)
    • webpack-dev-server-3.9.0.tgz
      • yargs-12.0.5.tgz
        • ❌ yargs-parser-11.1.1.tgz (Vulnerable Library)

Found in HEAD commit: 0a66f78cf713627846c348736ef811fd18a643fd

Vulnerability Details

Affected versions of yargs-parser are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of Object, causing the addition or modification of an existing property that will exist on all objects. Parsing the argument --foo.__proto__.bar baz adds a bar property with value baz to all objects. This is only exploitable if attackers have control over the arguments being passed to yargs-parser.

Publish Date: 2020-05-01

URL: WS-2020-0068

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: N/A
    • Attack Complexity: N/A
    • Privileges Required: N/A
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A


Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/package/yargs-parser

Release Date: 2020-05-04

Fix Resolution: https://www.npmjs.com/package/yargs-parser/v/18.1.2, https://www.npmjs.com/package/yargs-parser/v/15.0.1



CVE-2020-7662 (High) detected in websocket-extensions-0.1.3.tgz - autoclosed

CVE-2020-7662 - High Severity Vulnerability

Vulnerable Library - websocket-extensions-0.1.3.tgz

Generic extension manager for WebSocket connections

Library home page: https://registry.npmjs.org/websocket-extensions/-/websocket-extensions-0.1.3.tgz

Path to dependency file: /WFHResourcesApp/package.json

Path to vulnerable library: /WFHResourcesApp/node_modules/websocket-extensions/package.json

Dependency Hierarchy:

  • build-angular-0.900.6.tgz (Root Library)
    • webpack-dev-server-3.9.0.tgz
      • sockjs-0.3.19.tgz
        • faye-websocket-0.10.0.tgz
          • websocket-driver-0.7.3.tgz
            • ❌ websocket-extensions-0.1.3.tgz (Vulnerable Library)

Found in HEAD commit: d3c02e2c5a2535794748edfa4bf46da438809e79

Found in base branch: master

Vulnerability Details

websocket-extensions npm module prior to 0.1.4 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header.

Publish Date: 2020-06-02

URL: CVE-2020-7662

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: GHSA-g78m-2chm-r7qv

Release Date: 2020-06-02

Fix Resolution (websocket-extensions): 0.1.4

Direct dependency fix Resolution (@angular-devkit/build-angular): 0.900.7



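The regex-backtracking class of bug described in this advisory and in the papaparse one above, as an added example that is not part of the WFH_Resources repository, of websocket-extensions or of papaparse: a single-pass, linear-time parser for the Sec-WebSocket-Extensions grammar of RFC 6455 section 9.1, which is the usual replacement for a backtracking regular expression on attacker-controlled headers. The pathological header is constructed after the advisory's description (an unclosed quoted-string made of repeated backslash pairs); the regular expression shown for contrast is a constructed instance of the ambiguous "escape-or-any-character" pattern class and is not the library's own expression. The extension and parameter names in the sample inputs are constructed.

```javascript
// Added example (not code from WFH_Resources, websocket-extensions or papaparse):
// linear-time Sec-WebSocket-Extensions parsing next to a constructed backtracking regex.

const TOKEN_CHAR = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]$/;

// Returns [{ name, params: { key: value | true } }, ...] or throws on malformed input.
// The index only ever moves forward and each character is examined once, so the cost
// is O(n) no matter how the input is shaped: an unclosed quote is rejected in one pass.
function parseExtensions(header) {
  const out = [];
  const n = header.length;
  let i = 0;

  const skipWs = () => { while (i < n && (header[i] === ' ' || header[i] === '\t')) i++; };
  const readToken = () => {
    const start = i;
    while (i < n && TOKEN_CHAR.test(header[i])) i++;
    if (i === start) throw new Error(`token expected at offset ${start}`);
    return header.slice(start, i);
  };
  const readQuoted = () => {
    i++;                                     // opening quote
    let value = '';
    while (i < n) {
      const c = header[i++];
      if (c === '"') return value;           // closing quote: done
      if (c === '\\') {                      // quoted-pair: next char is taken literally
        if (i >= n) break;
        value += header[i++];
      } else {
        value += c;
      }
    }
    throw new Error('unterminated quoted-string');
  };

  for (;;) {
    skipWs();
    const ext = { name: readToken(), params: {} };
    skipWs();
    while (i < n && header[i] === ';') {
      i++; skipWs();
      const key = readToken();
      skipWs();
      let value = true;
      if (i < n && header[i] === '=') {
        i++; skipWs();
        value = header[i] === '"' ? readQuoted() : readToken();
        skipWs();
      }
      ext.params[key] = value;
    }
    out.push(ext);
    if (i >= n) return out;
    if (header[i] !== ',') throw new Error(`unexpected "${header[i]}" at offset ${i}`);
    i++;
  }
}

// Constructed, for contrast: [^"] also matches a backslash, so every "\x" pair can be
// consumed two different ways, and on an unclosed string the engine retries all of them.
const AMBIGUOUS_QUOTED = /^"(?:\\.|[^"])*"$/;

// Constructed attacker input: an unclosed quoted-string of `pairs` backslash pairs.
function pathologicalHeader(pairs) {
  return 'permessage-deflate; server_max_window_bits="' + '\\a'.repeat(pairs);
}

// Wall-clock comparison for the reader: both approaches reject the input, but the regex's
// time grows with every extra pair while the parser's stays proportional to the length.
function timeBoth(pairs) {
  const header = pathologicalHeader(pairs);
  const quoted = header.slice(header.indexOf('"'));
  let t = process.hrtime.bigint();
  const regexResult = AMBIGUOUS_QUOTED.test(quoted);
  const regexMs = Number(process.hrtime.bigint() - t) / 1e6;
  t = process.hrtime.bigint();
  let parserError = null;
  try { parseExtensions(header); } catch (e) { parserError = e.message; }
  const parserMs = Number(process.hrtime.bigint() - t) / 1e6;
  return { regexResult, regexMs, parserError, parserMs };
}
```

Try `timeBoth(20)` and `timeBoth(24)` side by side to see the regex column climb while the parser column does not move; keep the pair count modest, since the constructed pattern is deliberately the worst case. The same substitution applies to papaparse's numeric-detection regex: a hand-written scanner that walks the candidate number once cannot be made to revisit characters, whatever the input.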
WS-2020-0127 (Medium) detected in npm-registry-fetch-4.0.3.tgz - autoclosed

WS-2020-0127 - Medium Severity Vulnerability

Vulnerable Library - npm-registry-fetch-4.0.3.tgz

Fetch-based http client for use with npm registry APIs

Library home page: https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-4.0.3.tgz

Path to dependency file: /WFHResourcesApp/package.json

Path to vulnerable library: /WFHResourcesApp/node_modules/npm-registry-fetch/package.json

Dependency Hierarchy:

  • cli-9.0.6.tgz (Root Library)
    • pacote-9.5.8.tgz
      • ❌ npm-registry-fetch-4.0.3.tgz (Vulnerable Library)

Found in HEAD commit: 11f241508ba245a0e272c42d9290fc938b0d20ca

Found in base branch: master

Vulnerability Details

npm-registry-fetch before 4.0.5 and 8.1.1 is vulnerable to an information exposure vulnerability through log files.

Publish Date: 2020-07-07

URL: WS-2020-0127

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/1544

Release Date: 2020-07-07

Fix Resolution (npm-registry-fetch): 4.0.5

Direct dependency fix Resolution (@angular/cli): 9.0.7



CVE-2020-7608 (Medium) detected in yargs-parser-11.1.1.tgz

CVE-2020-7608 - Medium Severity Vulnerability

Vulnerable Library - yargs-parser-11.1.1.tgz

the mighty option parser used by yargs

Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-11.1.1.tgz

Path to dependency file: /tmp/ws-scm/WFH_Resources/WFHResourcesApp/package.json

Path to vulnerable library: /tmp/ws-scm/WFH_Resources/WFHResourcesApp/node_modules/yargs-parser/package.json

Dependency Hierarchy:

  • build-angular-0.900.6.tgz (Root Library)
    • webpack-dev-server-3.9.0.tgz
      • yargs-12.0.5.tgz
        • ❌ yargs-parser-11.1.1.tgz (Vulnerable Library)

Found in HEAD commit: 43fcb8ccf2f1ad1e147ad25c5b3ef4c69fe6d943

Vulnerability Details

yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload.

Publish Date: 2020-03-16

URL: CVE-2020-7608

CVSS 3 Score Details (5.0)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: N/A
    • Attack Complexity: N/A
    • Privileges Required: N/A
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7608

Release Date: 2020-03-16

Fix Resolution: v18.1.1; 13.1.2; 15.0.1



CVE-2020-11022 (Medium) detected in multiple libraries

CVE-2020-11022 - Medium Severity Vulnerability

Vulnerable Libraries - jquery-2.1.0.min.js, jquery-1.7.1.min.js, jquery-3.3.1.js

jquery-2.1.0.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.0/jquery.min.js

Path to dependency file: /tmp/ws-scm/WFH_Resources/makeData/node_modules/papaparse/player/player.html

Path to vulnerable library: /WFH_Resources/makeData/node_modules/papaparse/player/player.html

Dependency Hierarchy:

  • ❌ jquery-2.1.0.min.js (Vulnerable Library)

jquery-1.7.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js

Path to dependency file: /tmp/ws-scm/WFH_Resources/WFHResourcesApp/node_modules/sockjs/examples/echo/index.html

Path to vulnerable library: /WFH_Resources/WFHResourcesApp/node_modules/sockjs/examples/echo/index.html

Dependency Hierarchy:

  • ❌ jquery-1.7.1.min.js (Vulnerable Library)

jquery-3.3.1.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.js

Path to dependency file: /tmp/ws-scm/WFH_Resources/docs/output.html

Path to vulnerable library: /WFH_Resources/docs/output.html

Dependency Hierarchy:

  • ❌ jquery-3.3.1.js (Vulnerable Library)

Found in HEAD commit: 1ea2490b2d0272c58e918263669a0a900ae4a72b

Vulnerability Details

In jQuery before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11022

CVSS 3 Score Details (5.0)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: N/A
    • Attack Complexity: N/A
    • Privileges Required: N/A
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A


Suggested Fix

Type: Upgrade version

Origin: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

Release Date: 2020-04-29

Fix Resolution: jQuery - 3.5.0



CVE-2020-11023 (Medium) detected in jquery-3.4.1.slim.min.js, jquery-3.3.1.js

CVE-2020-11023 - Medium Severity Vulnerability

Vulnerable Libraries - jquery-3.4.1.slim.min.js, jquery-3.3.1.js

jquery-3.4.1.slim.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.slim.min.js

Path to dependency file: /bkp.html

Path to vulnerable library: /bkp.html

Dependency Hierarchy:

  • ❌ jquery-3.4.1.slim.min.js (Vulnerable Library)

jquery-3.3.1.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.js

Path to dependency file: /bkp.html

Path to vulnerable library: /bkp.html

Dependency Hierarchy:

  • ❌ jquery-3.3.1.js (Vulnerable Library)

Found in HEAD commit: 32341c6a66490b6bd69206017a3d2317aaf5c13b

Found in base branch: master

Vulnerability Details

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11023

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6, https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#440

Release Date: 2020-04-29

Fix Resolution: jquery - 3.5.0; jquery-rails - 4.4.0



CVE-2020-15168 (Medium) detected in node-fetch-2.6.0.tgz

CVE-2020-15168 - Medium Severity Vulnerability

Vulnerable Library - node-fetch-2.6.0.tgz

A light-weight module that brings window.fetch to node.js

Library home page: https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.0.tgz

Path to dependency file: /makeData/package.json

Path to vulnerable library: /makeData/node_modules/node-fetch/package.json

Dependency Hierarchy:

  • ❌ node-fetch-2.6.0.tgz (Vulnerable Library)

Found in HEAD commit: e8f3d6cc80d50a3efc0734f4bd1d1f62c4db17aa

Found in base branch: master

Vulnerability Details

node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have little or no impact. However, if you are relying on node-fetch to gate files above a size, the impact could be significant, for example: if you don't double-check the size of the data after fetch() has completed, your JS thread could get tied up doing work on a large file (DoS) and/or cost you money in computing.

Publish Date: 2020-09-10

URL: CVE-2020-15168

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low


Suggested Fix

Type: Upgrade version

Origin: GHSA-w7rc-rwvf-8q5r

Release Date: 2020-09-17

Fix Resolution: 2.6.1



Weekly Digest (28 June, 2020 - 5 July, 2020)

Here's the Weekly Digest for ignatandrei/WFH_Resources:


ISSUES

Last week, no issues were created.


PULL REQUESTS

Last week, no pull requests were created, updated or merged.


COMMITS

Last week there were 14 commits.
๐Ÿ› ๏ธ generate html by actions-user
๐Ÿ› ๏ธ adding new data by actions-user
๐Ÿ› ๏ธ generate html by actions-user
๐Ÿ› ๏ธ adding new data by actions-user
๐Ÿ› ๏ธ generate html by actions-user
๐Ÿ› ๏ธ adding new data by actions-user
๐Ÿ› ๏ธ generate html by actions-user
๐Ÿ› ๏ธ adding new data by actions-user
๐Ÿ› ๏ธ generate html by actions-user
๐Ÿ› ๏ธ adding new data by actions-user
๐Ÿ› ๏ธ generate html by actions-user
๐Ÿ› ๏ธ adding new data by actions-user
๐Ÿ› ๏ธ generate html by actions-user
๐Ÿ› ๏ธ adding new data by actions-user


CONTRIBUTORS

Last week there was 1 contributor.
👤 actions-user


STARGAZERS

Last week there were no stargazers.


RELEASES

Last week there were no releases.


That's all for last week, please 👀 Watch and ⭐ Star the repository ignatandrei/WFH_Resources to receive next weekly updates. 😃

You can also view all Weekly Digests by clicking here.

Your Weekly Digest bot. 📆

CVE-2019-11358 (Medium) detected in jquery-3.3.1.js

CVE-2019-11358 - Medium Severity Vulnerability

Vulnerable Library - jquery-3.3.1.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.js

Path to dependency file: /tmp/ws-scm/WFH_Resources/docs/index.html

Path to vulnerable library: /WFH_Resources/docs/index.html

Dependency Hierarchy:

  • โŒ jquery-3.3.1.js (Vulnerable Library)

Found in HEAD commit: 8b8da07f070d580e26400e60dfb99db834752f61

Vulnerability Details

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

Publish Date: 2019-04-20

URL: CVE-2019-11358

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358

Release Date: 2019-04-20

Fix Resolution: 3.4.0



Weekly Digest (26 July, 2020 - 2 August, 2020)

Here's the Weekly Digest for ignatandrei/WFH_Resources:


ISSUES

Last week 2 issues were created.
Of these, 0 issues have been closed and 2 issues are still open.

OPEN ISSUES

💚 #46 Bump elliptic from 6.5.2 to 6.5.3 in /WFHResourcesApp, by dependabot[bot]
💚 #45 CVE-2020-11023 (Medium) detected in multiple libraries, by whitesource-bolt-for-github[bot]

NOISY ISSUE

🔈 #46 Bump elliptic from 6.5.2 to 6.5.3 in /WFHResourcesApp, by dependabot[bot]
It received 1 comment.


PULL REQUESTS

Last week, 1 pull request was created, updated or merged.

UPDATED PULL REQUEST

Last week, 1 pull request was updated.
💛 #46 Bump elliptic from 6.5.2 to 6.5.3 in /WFHResourcesApp, by dependabot[bot]


COMMITS

Last week there were 19 commits.
๐Ÿ› ๏ธ generate html by actions-user
๐Ÿ› ๏ธ adding new data by actions-user
๐Ÿ› ๏ธ generate html by actions-user
๐Ÿ› ๏ธ adding new data by actions-user
๐Ÿ› ๏ธ generate html by actions-user
๐Ÿ› ๏ธ adding new data by actions-user
๐Ÿ› ๏ธ generate html by actions-user
๐Ÿ› ๏ธ adding new data by actions-user
๐Ÿ› ๏ธ generate html by actions-user
๐Ÿ› ๏ธ adding new data by actions-user
๐Ÿ› ๏ธ generate html by actions-user
๐Ÿ› ๏ธ adding new data by actions-user
๐Ÿ› ๏ธ generate html by actions-user
๐Ÿ› ๏ธ Merge branch 'master' of https://github.com/ignatandrei/WFH_Resources by ignatandrei
๐Ÿ› ๏ธ percentage by ignatandrei
๐Ÿ› ๏ธ generate html by actions-user
๐Ÿ› ๏ธ per cases by ignatandrei
๐Ÿ› ๏ธ generate html by actions-user
๐Ÿ› ๏ธ adding new data by actions-user


CONTRIBUTORS

Last week there were 2 contributors.
👤 actions-user
👤 ignatandrei


STARGAZERS

Last week there were no stargazers.


RELEASES

Last week there were no releases.



CVE-2020-15366 (Medium) detected in ajv-6.12.0.tgz, ajv-6.10.2.tgz - autoclosed

CVE-2020-15366 - Medium Severity Vulnerability

Vulnerable Libraries - ajv-6.12.0.tgz, ajv-6.10.2.tgz

ajv-6.12.0.tgz

Another JSON Schema Validator

Library home page: https://registry.npmjs.org/ajv/-/ajv-6.12.0.tgz

Path to dependency file: /WFHResourcesApp/package.json

Path to vulnerable library: /WFHResourcesApp/node_modules/coverage-istanbul-loader/node_modules/ajv/package.json,/WFHResourcesApp/node_modules/file-loader/node_modules/ajv/package.json,/WFHResourcesApp/node_modules/sass-loader/node_modules/ajv/package.json,/WFHResourcesApp/node_modules/raw-loader/node_modules/ajv/package.json,/WFHResourcesApp/node_modules/terser-webpack-plugin/node_modules/ajv/package.json,/WFHResourcesApp/node_modules/style-loader/node_modules/ajv/package.json

Dependency Hierarchy:

  • build-angular-0.900.6.tgz (Root Library)
    • style-loader-1.0.0.tgz
      • schema-utils-2.6.5.tgz
        • โŒ ajv-6.12.0.tgz (Vulnerable Library)
ajv-6.10.2.tgz

Another JSON Schema Validator

Library home page: https://registry.npmjs.org/ajv/-/ajv-6.10.2.tgz

Path to dependency file: /WFHResourcesApp/package.json

Path to vulnerable library: /WFHResourcesApp/node_modules/ajv/package.json

Dependency Hierarchy:

  • build-angular-0.900.6.tgz (Root Library)
    • โŒ ajv-6.10.2.tgz (Vulnerable Library)

Found in HEAD commit: 88ba65b280a4be719a61df1623a1ae962aa26546

Found in base branch: master

Vulnerability Details

An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)

Publish Date: 2020-07-15

URL: CVE-2020-15366

CVSS 3 Score Details (5.6)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: Low


Suggested Fix

Type: Upgrade version

Release Date: 2020-07-15

Fix Resolution (ajv): 6.12.3

Direct dependency fix Resolution (@angular-devkit/build-angular): 0.900.7

Fix Resolution (ajv): 6.12.3

Direct dependency fix Resolution (@angular-devkit/build-angular): 0.900.7



CVE-2020-7720 (High) detected in node-forge-0.9.0.tgz - autoclosed

CVE-2020-7720 - High Severity Vulnerability

Vulnerable Library - node-forge-0.9.0.tgz

JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities.

Library home page: https://registry.npmjs.org/node-forge/-/node-forge-0.9.0.tgz

Path to dependency file: /WFHResourcesApp/package.json

Path to vulnerable library: /WFHResourcesApp/node_modules/node-forge/package.json

Dependency Hierarchy:

  • build-angular-0.900.6.tgz (Root Library)
    • webpack-dev-server-3.9.0.tgz
      • selfsigned-1.10.7.tgz
        • โŒ node-forge-0.9.0.tgz (Vulnerable Library)

Found in HEAD commit: 86d015271ab9a032296c43fb66b81209622718b3

Found in base branch: master

Vulnerability Details

The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions.

Publish Date: 2020-09-01

URL: CVE-2020-7720

CVSS 3 Score Details (7.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: Low


Suggested Fix

Type: Upgrade version

Release Date: 2020-09-01

Fix Resolution (node-forge): 0.10.0

Direct dependency fix Resolution (@angular-devkit/build-angular): 0.900.7



Weekly Digest (5 July, 2020 - 12 July, 2020)

Here's the Weekly Digest for ignatandrei/WFH_Resources:


ISSUES

Last week 1 issue was created.
It is still open.

OPEN ISSUES

💚 #36 Bump npm-registry-fetch from 4.0.3 to 4.0.5 in /WFHResourcesApp, by dependabot[bot]

NOISY ISSUE

🔈 #36 Bump npm-registry-fetch from 4.0.3 to 4.0.5 in /WFHResourcesApp, by dependabot[bot]
It received 1 comment.


PULL REQUESTS

Last week, 1 pull request was created, updated or merged.

UPDATED PULL REQUEST

Last week, 1 pull request was updated.
💛 #36 Bump npm-registry-fetch from 4.0.3 to 4.0.5 in /WFHResourcesApp, by dependabot[bot]


COMMITS

Last week there were 14 commits.
๐Ÿ› ๏ธ generate html by actions-user
๐Ÿ› ๏ธ adding new data by actions-user
๐Ÿ› ๏ธ generate html by actions-user
๐Ÿ› ๏ธ adding new data by actions-user
๐Ÿ› ๏ธ generate html by actions-user
๐Ÿ› ๏ธ adding new data by actions-user
๐Ÿ› ๏ธ generate html by actions-user
๐Ÿ› ๏ธ adding new data by actions-user
๐Ÿ› ๏ธ generate html by actions-user
๐Ÿ› ๏ธ adding new data by actions-user
๐Ÿ› ๏ธ generate html by actions-user
๐Ÿ› ๏ธ adding new data by actions-user
๐Ÿ› ๏ธ generate html by actions-user
๐Ÿ› ๏ธ adding new data by actions-user


CONTRIBUTORS

Last week there was 1 contributor.
👤 actions-user


STARGAZERS

Last week there were no stargazers.


RELEASES

Last week there were no releases.



CVE-2020-28481 (Medium) detected in socket.io-2.1.1.tgz - autoclosed

CVE-2020-28481 - Medium Severity Vulnerability

Vulnerable Library - socket.io-2.1.1.tgz

node.js realtime framework server

Library home page: https://registry.npmjs.org/socket.io/-/socket.io-2.1.1.tgz

Path to dependency file: /WFHResourcesApp/package.json

Path to vulnerable library: /WFHResourcesApp/node_modules/socket.io/package.json

Dependency Hierarchy:

  • karma-4.3.0.tgz (Root Library)
    • โŒ socket.io-2.1.1.tgz (Vulnerable Library)

Found in HEAD commit: 4c90ba333ee4f60a3dd5e8ed2489a9150cdc34b7

Found in base branch: master

Vulnerability Details

The package socket.io before 2.4.0 is vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default.

Publish Date: 2021-01-19

URL: CVE-2020-28481

CVSS 3 Score Details (4.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28481

Release Date: 2021-01-19

Fix Resolution (socket.io): 2.4.0

Direct dependency fix Resolution (karma): 5.0.8


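The insecure default above is "accept every Origin". What a server should do instead is compare the handshake's Origin header against an explicit allowlist, and do so on a normalised origin rather than on a substring. The following is an added example, not socket.io's code and not part of this repository; the names are illustrative, and wiring the predicate into the server is left out because it depends on the version (socket.io 2.x exposes an `origins` setting that also accepts a function, but check the signature for the version you run).

```javascript
// Added example; not socket.io's code. A strict Origin allowlist check for a
// WebSocket / long-polling handshake, with the insecure "allow everything"
// default shown for contrast.
'use strict';

// Rebuild scheme://host[:port] through the WHATWG URL parser so that case,
// default ports and any path or userinfo cannot be used to dodge the
// comparison. Anything unparsable or non-HTTP(S) is rejected.
function normalizeOrigin(value) {
  let url;
  try { url = new URL(value); } catch { return null; }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return null;
  return url.origin; // lower-cased host, default port dropped, no path
}

// The behaviour the advisory describes: every origin is accepted.
function allowAnyOrigin(/* originHeader */) {
  return true;
}

// Builds a predicate bound to a fixed allowlist of origins.
function makeOriginCheck(allowlist) {
  const allowed = new Set(allowlist.map(normalizeOrigin).filter(Boolean));
  return function isAllowedOrigin(originHeader) {
    // No Origin header: a browser always sends one on cross-site requests,
    // so treat its absence as not-a-browser and apply a separate policy
    // (here: refuse) rather than silently allowing.
    if (typeof originHeader !== 'string') return false;
    // "null" is what sandboxed iframes, file:// pages and some redirects
    // send; it must never match an allowlist entry.
    if (originHeader === 'null') return false;
    const origin = normalizeOrigin(originHeader);
    return origin !== null && allowed.has(origin);
  };
}
```

Two caveats a reviewer would raise: exact-match on the normalised origin is what defeats `https://app.example.com.evil.com` style bypasses that a `startsWith` or regex check lets through, and an Origin check only constrains browsers; a non-browser client can send any Origin it likes, so authentication of the socket still has to happen separately.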

CVE-2020-7656 (Medium) detected in jquery-1.4.4.min.js, jquery-1.7.1.min.js - autoclosed

CVE-2020-7656 - Medium Severity Vulnerability

Vulnerable Libraries - jquery-1.4.4.min.js, jquery-1.7.1.min.js

jquery-1.4.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.4.4/jquery.min.js

Path to dependency file: /WFHResourcesApp/node_modules/selenium-webdriver/lib/test/data/droppableItems.html

Path to vulnerable library: /WFHResourcesApp/node_modules/selenium-webdriver/lib/test/data/js/jquery-1.4.4.min.js

Dependency Hierarchy:

  • โŒ jquery-1.4.4.min.js (Vulnerable Library)
jquery-1.7.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js

Path to dependency file: /WFHResourcesApp/node_modules/sockjs/examples/echo/index.html

Path to vulnerable library: /WFHResourcesApp/node_modules/sockjs/examples/echo/index.html

Dependency Hierarchy:

  • โŒ jquery-1.7.1.min.js (Vulnerable Library)

Found in HEAD commit: 1267ecf9d95e34d5f6f10b48b2c112d176fcc5b4

Found in base branch: master

Vulnerability Details

jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e. "</script >", which results in the enclosed script logic being executed.

Publish Date: 2020-05-19

URL: CVE-2020-7656

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: GHSA-q4m3-2j7h-f7xw

Release Date: 2020-05-19

Fix Resolution: jquery - 1.9.0


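The bug class above is a regex that recognises `</script>` but not `</script >`. The following is an added example, not jQuery's code and not part of this repository: two regular expressions stand in for the pre-1.9 behaviour and for a closing-tag pattern that tolerates whitespace (jQuery's own expressions differ, and 1.9 reworked how .load() handles the returned markup). The payload is constructed, and all names are illustrative.

```javascript
// Added example; not jQuery's code. Shows why a closing-tag regex that does
// not allow whitespace before ">" leaves "</script >" blocks in place.
'use strict';

// Matches a script element only when the closing tag is exactly "</script>".
const RSCRIPT_NAIVE = /<script[^>]*>([\s\S]*?)<\/script>/gi;

// Allows whitespace between "script" and ">" in the closing tag, so
// "</script >", "</script\t>" and "</script\n>" are matched as well.
const RSCRIPT_FIXED = /<script[^>]*>([\s\S]*?)<\/script\s*>/gi;

function stripScriptsNaive(html) {
  return html.replace(RSCRIPT_NAIVE, '');
}

function stripScriptsFixed(html) {
  return html.replace(RSCRIPT_FIXED, '');
}

// Judge of the result: a browser executes any <script ...> element that is
// still present when the fragment is inserted into the document.
function containsScript(html) {
  return /<script\b/i.test(html);
}

// Constructed payload of the kind the advisory describes: the closing tag
// carries a space before ">".
const PAYLOAD =
  '<div id="content">hello</div><script>alert(document.domain)</script ><p>tail</p>';
```

With the naive pattern the lazy `[\s\S]*?` never finds a literal `</script>` to stop at, so the whole element survives and runs when inserted. The whitespace-tolerant pattern closes this particular gap, but regex stripping remains fragile (one pass over `<scr<script>ipt>` reassembles a tag, and inline event handlers are untouched), so the durable fix is to not inject untrusted markup, or to pass it through a real HTML sanitiser such as DOMPurify first.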

CVE-2020-28498 (Medium) detected in elliptic-6.5.2.tgz - autoclosed

CVE-2020-28498 - Medium Severity Vulnerability

Vulnerable Library - elliptic-6.5.2.tgz

EC cryptography

Library home page: https://registry.npmjs.org/elliptic/-/elliptic-6.5.2.tgz

Path to dependency file: /WFHResourcesApp/package.json

Path to vulnerable library: /WFHResourcesApp/node_modules/elliptic/package.json

Dependency Hierarchy:

  • build-angular-0.900.6.tgz (Root Library)
    • webpack-4.41.2.tgz
      • node-libs-browser-2.2.1.tgz
        • crypto-browserify-3.12.0.tgz
          • browserify-sign-4.0.4.tgz
            • โŒ elliptic-6.5.2.tgz (Vulnerable Library)

Found in HEAD commit: 77f3a8ed9d38e92a7edd15afcccb50d3f8f84e51

Found in base branch: master

Vulnerability Details

The package elliptic before 6.5.4 is vulnerable to Cryptographic Issues via the secp256k1 implementation in elliptic/ec/key.js. There is no check to confirm that the public key point passed into the derive function actually exists on the secp256k1 curve. This results in the potential for the private key used in this implementation to be revealed after a number of ECDH operations are performed.

Publish Date: 2021-02-02

URL: CVE-2020-28498

CVSS 3 Score Details (6.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28498

Release Date: 2021-02-02

Fix Resolution (elliptic): 6.5.4

Direct dependency fix Resolution (@angular-devkit/build-angular): 0.900.7


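The missing check the advisory describes is a point-validation step in front of ECDH: the peer's public key is untrusted input, and if it is not on secp256k1 the scalar multiplication runs on some other curve, possibly one of small order, and each derive() leaks the private scalar modulo a small prime. The following is an added example, not elliptic's code and not part of this repository: a textbook secp256k1 in BigInt arithmetic whose only purpose is to show where `isOnSecp256k1` belongs relative to the derivation. The curve parameters are the public secp256k1 constants; the scalars in the test are constructed. It is not constant-time (the WS-2019-0424 entry on this same page is about exactly that) and must not be used with real keys.

```javascript
// Added example; not elliptic's code. Textbook secp256k1 with the on-curve
// guard in front of ECDH. NOT constant-time; illustration only.
'use strict';

// secp256k1: y^2 = x^3 + 7 over F_P, generator G, prime order N.
const P = (1n << 256n) - (1n << 32n) - 977n;
const B = 7n;
const GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798n;
const GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8n;
const N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141n;
const G = { x: GX, y: GY };

const mod = (a, m) => ((a % m) + m) % m;

// Modular inverse by the extended Euclidean algorithm.
function modInv(a, m) {
  let [r0, r1] = [mod(a, m), m];
  let [s0, s1] = [1n, 0n];
  while (r1 !== 0n) {
    const q = r0 / r1;
    [r0, r1] = [r1, r0 - q * r1];
    [s0, s1] = [s1, s0 - q * s1];
  }
  if (r0 !== 1n) throw new RangeError('value has no inverse');
  return mod(s0, m);
}

// The check the advisory is about: both coordinates must be field elements
// and must satisfy the curve equation. Reject anything else before it is
// ever multiplied by a private scalar.
function isOnSecp256k1(pt) {
  if (pt === null || typeof pt !== 'object') return false;
  const { x, y } = pt;
  if (typeof x !== 'bigint' || typeof y !== 'bigint') return false;
  if (x < 0n || x >= P || y < 0n || y >= P) return false;
  return mod(y * y, P) === mod(x * x * x + B, P);
}

// Affine group law; null represents the point at infinity.
function pointAdd(p1, p2) {
  if (p1 === null) return p2;
  if (p2 === null) return p1;
  let lambda;
  if (p1.x === p2.x) {
    if (mod(p1.y + p2.y, P) === 0n) return null;              // p1 == -p2
    lambda = mod(3n * p1.x * p1.x * modInv(2n * p1.y, P), P); // doubling, a = 0
  } else {
    lambda = mod((p2.y - p1.y) * modInv(p2.x - p1.x, P), P);
  }
  const x3 = mod(lambda * lambda - p1.x - p2.x, P);
  const y3 = mod(lambda * (p1.x - x3) - p1.y, P);
  return { x: x3, y: y3 };
}

// Double-and-add. The branch on each scalar bit is what makes this leak
// timing; a real implementation uses a constant-time ladder.
function scalarMult(k, pt) {
  if (typeof k !== 'bigint' || k <= 0n) throw new RangeError('scalar must be a positive bigint');
  let result = null;
  let addend = pt;
  for (let bits = k; bits > 0n; bits >>= 1n) {
    if (bits & 1n) result = pointAdd(result, addend);
    addend = pointAdd(addend, addend);
  }
  return result;
}

// ECDH with the guard in front. `peerPublicKey` is untrusted input.
function deriveSharedX(privateScalar, peerPublicKey) {
  if (!isOnSecp256k1(peerPublicKey)) {
    throw new Error('peer public key is not a point on secp256k1; refusing ECDH');
  }
  const shared = scalarMult(privateScalar, peerPublicKey);
  if (shared === null) throw new Error('shared point is the point at infinity');
  return shared.x;
}
```

The guard is cheap (two field multiplications) and is the whole fix for this class of bug; an invalid-curve point that passes through to scalarMult is what turns a sequence of ECDH calls into a key-recovery oracle. When public keys arrive as SEC1 bytes, decode them into { x, y } first and then apply the same check.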

CVE-2020-8116 (High) detected in dot-prop-4.2.0.tgz - autoclosed

CVE-2020-8116 - High Severity Vulnerability

Vulnerable Library - dot-prop-4.2.0.tgz

Get, set, or delete a property from a nested object using a dot path

Library home page: https://registry.npmjs.org/dot-prop/-/dot-prop-4.2.0.tgz

Path to dependency file: /tmp/ws-scm/WFH_Resources/makeData/package.json

Path to vulnerable library: /tmp/ws-scm/WFH_Resources/makeData/node_modules/dot-prop/package.json

Dependency Hierarchy:

  • nodemon-2.0.2.tgz (Root Library)
    • update-notifier-2.5.0.tgz
      • configstore-3.1.2.tgz
        • โŒ dot-prop-4.2.0.tgz (Vulnerable Library)

Found in HEAD commit: b91befe3eabd7911d7272583770f2d2bc222ddb5

Vulnerability Details

Prototype pollution vulnerability in dot-prop npm package version 5.1.0 and earlier allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.

Publish Date: 2020-02-04

URL: CVE-2020-8116

CVSS 2 Score Details (7.5)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8116

Release Date: 2020-02-04

Fix Resolution: dot-prop - 5.1.1



CVE-2020-7660 (High) detected in serialize-javascript-2.1.2.tgz - autoclosed

CVE-2020-7660 - High Severity Vulnerability

Vulnerable Library - serialize-javascript-2.1.2.tgz

Serialize JavaScript to a superset of JSON that includes regular expressions and functions.

Library home page: https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-2.1.2.tgz

Path to dependency file: /WFHResourcesApp/package.json

Path to vulnerable library: /WFHResourcesApp/node_modules/serialize-javascript/package.json

Dependency Hierarchy:

  • build-angular-0.900.6.tgz (Root Library)
    • copy-webpack-plugin-5.1.1.tgz
      • โŒ serialize-javascript-2.1.2.tgz (Vulnerable Library)

Found in HEAD commit: 6fcc06839299a88c68c979fee408bc105aac55f3

Found in base branch: master

Vulnerability Details

serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js".

Publish Date: 2020-06-01

URL: CVE-2020-7660

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7660

Release Date: 2020-06-08

Fix Resolution (serialize-javascript): 3.1.0

Direct dependency fix Resolution (@angular-devkit/build-angular): 0.901.9



CVE-2020-36048 (High) detected in engine.io-3.2.1.tgz - autoclosed

CVE-2020-36048 - High Severity Vulnerability

Vulnerable Library - engine.io-3.2.1.tgz

The realtime engine behind Socket.IO. Provides the foundation of a bidirectional connection between client and server

Library home page: https://registry.npmjs.org/engine.io/-/engine.io-3.2.1.tgz

Path to dependency file: /WFHResourcesApp/package.json

Path to vulnerable library: /WFHResourcesApp/node_modules/engine.io/package.json

Dependency Hierarchy:

  • karma-4.3.0.tgz (Root Library)
    • socket.io-2.1.1.tgz
      • โŒ engine.io-3.2.1.tgz (Vulnerable Library)

Found in HEAD commit: af5ea8f2dac50e75a4a85e9659f8e1607e8f5c9a

Found in base branch: master

Vulnerability Details

Engine.IO before 4.0.0 allows attackers to cause a denial of service (resource consumption) via a POST request to the long polling transport.

Publish Date: 2021-01-08

URL: CVE-2020-36048

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36048

Release Date: 2021-01-08

Fix Resolution (engine.io): 4.0.0-alpha.0

Direct dependency fix Resolution (karma): 6.0.0



CVE-2020-7746 (High) detected in chart.js-2.9.3.tgz

CVE-2020-7746 - High Severity Vulnerability

Vulnerable Library - chart.js-2.9.3.tgz

Simple HTML5 charts using the canvas element.

Library home page: https://registry.npmjs.org/chart.js/-/chart.js-2.9.3.tgz

Dependency Hierarchy:

  • โŒ chart.js-2.9.3.tgz (Vulnerable Library)

Found in HEAD commit: 7ff00a7600ffd83212f5f013a02231d5b05eec42

Found in base branch: master

Vulnerability Details

This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the defaults options) are deeply merged with provided options. However, during this operation, the keys of the object being set are not checked, leading to a prototype pollution.

Publish Date: 2020-10-29

URL: CVE-2020-7746

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7746

Release Date: 2020-10-29

Fix Resolution: 2.9.4



CVE-2020-28275 (High) detected in cache-base-1.0.1.tgz - autoclosed

CVE-2020-28275 - High Severity Vulnerability

Vulnerable Library - cache-base-1.0.1.tgz

Basic object cache with `get`, `set`, `del`, and `has` methods for node.js/javascript projects.

Library home page: https://registry.npmjs.org/cache-base/-/cache-base-1.0.1.tgz

Path to dependency file: WFH_Resources/WFHResourcesApp/package.json

Path to vulnerable library: WFH_Resources/WFHResourcesApp/node_modules/cache-base/package.json

Dependency Hierarchy:

  • build-angular-0.900.6.tgz (Root Library)
    • webpack-4.41.2.tgz
      • micromatch-3.1.10.tgz
        • snapdragon-0.8.2.tgz
          • base-0.11.2.tgz
            • โŒ cache-base-1.0.1.tgz (Vulnerable Library)

Found in HEAD commit: 541a6b0d6b089f049c63e540780e880ba9f545f5

Found in base branch: master

Vulnerability Details

Prototype pollution vulnerability in 'cache-base' versions 0.7.0 through 4.0.0 allows an attacker to cause a denial of service and may lead to remote code execution.

Publish Date: 2020-11-07

URL: CVE-2020-28275

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High




CVE-2020-7598 (High) detected in minimist-0.0.8.tgz

CVE-2020-7598 - High Severity Vulnerability

Vulnerable Library - minimist-0.0.8.tgz

parse argument options

Library home page: https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz

Path to dependency file: /tmp/ws-scm/WFH_Resources/makeData/package.json

Path to vulnerable library: /tmp/ws-scm/WFH_Resources/makeData/node_modules/minimist/package.json

Dependency Hierarchy:

  • markdown-pdf-10.0.0.tgz (Root Library)
    • stream-from-to-1.4.3.tgz
      • mkdirp-0.5.1.tgz
        • โŒ minimist-0.0.8.tgz (Vulnerable Library)

Found in HEAD commit: 276e5651d296a25d893bafc8ee29c6a5b9a4b1ae

Vulnerability Details

minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.

Publish Date: 2020-03-11

URL: CVE-2020-7598

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://github.com/substack/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94

Release Date: 2020-03-11

Fix Resolution: minimist - 0.2.1,1.2.2



CVE-2020-36049 (High) detected in socket.io-parser-3.2.0.tgz - autoclosed

CVE-2020-36049 - High Severity Vulnerability

Vulnerable Library - socket.io-parser-3.2.0.tgz

socket.io protocol parser

Library home page: https://registry.npmjs.org/socket.io-parser/-/socket.io-parser-3.2.0.tgz

Path to dependency file: /WFHResourcesApp/package.json

Path to vulnerable library: /WFHResourcesApp/node_modules/socket.io-parser/package.json

Dependency Hierarchy:

  • karma-4.3.0.tgz (Root Library)
    • socket.io-2.1.1.tgz
      • โŒ socket.io-parser-3.2.0.tgz (Vulnerable Library)

Found in HEAD commit: af5ea8f2dac50e75a4a85e9659f8e1607e8f5c9a

Found in base branch: master

Vulnerability Details

socket.io-parser before 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used.

Publish Date: 2021-01-08

URL: CVE-2020-36049

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: GHSA-xfhh-g9f5-x4m4

Release Date: 2021-01-08

Fix Resolution (socket.io-parser): 3.3.2

Direct dependency fix Resolution (karma): 5.0.8



WS-2019-0424 (Medium) detected in elliptic-6.5.2.tgz - autoclosed

WS-2019-0424 - Medium Severity Vulnerability

Vulnerable Library - elliptic-6.5.2.tgz

EC cryptography

Library home page: https://registry.npmjs.org/elliptic/-/elliptic-6.5.2.tgz

Path to dependency file: /WFHResourcesApp/package.json

Path to vulnerable library: /WFHResourcesApp/node_modules/elliptic/package.json

Dependency Hierarchy:

  • build-angular-0.900.6.tgz (Root Library)
    • webpack-4.41.2.tgz
      • node-libs-browser-2.2.1.tgz
        • crypto-browserify-3.12.0.tgz
          • browserify-sign-4.0.4.tgz
            • โŒ elliptic-6.5.2.tgz (Vulnerable Library)

Found in HEAD commit: 7a183e924c13530c91eedb6b9da87e7a1706d1f9

Found in base branch: master

Vulnerability Details

all versions of elliptic are vulnerable to Timing Attack through side-channels.

Publish Date: 2019-11-13

URL: WS-2019-0424

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Adjacent
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: High
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/WS-2019-0424

Release Date: 2019-11-13

Fix Resolution (elliptic): 6.5.3

Direct dependency fix Resolution (@angular-devkit/build-angular): 0.900.7



CVE-2011-4969 (Medium) detected in jquery-1.4.4.min.js

CVE-2011-4969 - Medium Severity Vulnerability

Vulnerable Library - jquery-1.4.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.4.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/WFH_Resources/WFHResourcesApp/node_modules/selenium-webdriver/lib/test/data/droppableItems.html

Path to vulnerable library: /WFH_Resources/WFHResourcesApp/node_modules/selenium-webdriver/lib/test/data/js/jquery-1.4.4.min.js

Dependency Hierarchy:

  • โŒ jquery-1.4.4.min.js (Vulnerable Library)

Found in HEAD commit: 43fcb8ccf2f1ad1e147ad25c5b3ef4c69fe6d943

Vulnerability Details

Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.

Publish Date: 2013-03-08

URL: CVE-2011-4969

CVSS 2 Score Details (4.3)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2011-4969

Release Date: 2013-03-08

Fix Resolution: 1.6.3



WS-2020-0163 (Medium) detected in marked-0.8.0.tgz

WS-2020-0163 - Medium Severity Vulnerability

Vulnerable Library - marked-0.8.0.tgz

A markdown parser built for speed

Library home page: https://registry.npmjs.org/marked/-/marked-0.8.0.tgz

Path to dependency file: /makeData/package.json

Path to vulnerable library: /makeData/node_modules/marked/package.json

Dependency Hierarchy:

  • โŒ marked-0.8.0.tgz (Vulnerable Library)

Found in HEAD commit: 4a499d5573c9359f99b5a2e980bcac0135d48225

Found in base branch: master

Vulnerability Details

marked before 1.1.1 is vulnerable to Regular Expression Denial of Service (ReDoS). rules.js has multiple unused capture groups which can lead to a Denial of Service.

Publish Date: 2020-07-02

URL: WS-2020-0163

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Release Date: 2020-07-02

Fix Resolution: 1.1.1



CVE-2020-7693 (Medium) detected in sockjs-0.3.19.tgz - autoclosed

CVE-2020-7693 - Medium Severity Vulnerability

Vulnerable Library - sockjs-0.3.19.tgz

SockJS-node is a server counterpart of SockJS-client a JavaScript library that provides a WebSocket-like object in the browser. SockJS gives you a coherent, cross-browser, Javascript API which creates a low latency, full duplex, cross-domain communication

Library home page: https://registry.npmjs.org/sockjs/-/sockjs-0.3.19.tgz

Path to dependency file: /WFHResourcesApp/package.json

Path to vulnerable library: /WFHResourcesApp/node_modules/sockjs/package.json

Dependency Hierarchy:

  • build-angular-0.900.6.tgz (Root Library)
    • webpack-dev-server-3.9.0.tgz
      • โŒ sockjs-0.3.19.tgz (Vulnerable Library)

Found in HEAD commit: e32e67c0f06c0ad12e306cb3491e48f8bd272d17

Found in base branch: master

Vulnerability Details

Incorrect handling of an Upgrade header with the value websocket leads to crashes of containers hosting sockjs apps. This affects the package sockjs before 0.3.20.

Publish Date: 2020-07-09

URL: CVE-2020-7693

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low


Suggested Fix

Type: Upgrade version

Release Date: 2020-07-14

Fix Resolution (sockjs): 0.3.20

Direct dependency fix Resolution (@angular-devkit/build-angular): 0.901.7



CVE-2020-7774 (High) detected in y18n-4.0.0.tgz

CVE-2020-7774 - High Severity Vulnerability

Vulnerable Library - y18n-4.0.0.tgz

The bare-bones internationalization library used by yargs

Library home page: https://registry.npmjs.org/y18n/-/y18n-4.0.0.tgz

Dependency Hierarchy:

  • localize-9.0.7.tgz (Root Library)
    • yargs-13.1.0.tgz
      • โŒ y18n-4.0.0.tgz (Vulnerable Library)

Found in HEAD commit: fcc06a591b2bdd9d340bcc00c4ebf54ed6dbe7f5

Found in base branch: master

Vulnerability Details

The package y18n before 3.2.2, 4.0.1 and 5.0.5 is vulnerable to Prototype Pollution.

Publish Date: 2020-11-17

URL: CVE-2020-7774

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/1654

Release Date: 2020-11-17

Fix Resolution (y18n): 4.0.1

Direct dependency fix Resolution (@angular/localize): 9.1.0

