incplusplus / betterstat-server
The Spring server for betterstat.
License: MIT License
Vulnerabilities
DepShield reports that this application's usage of org.apache.tomcat.embed:tomcat-embed-core:8.5.32 results in the following vulnerability(s):
Occurrences
org.apache.tomcat.embed:tomcat-embed-core:8.5.32 is a transitive dependency introduced by the following direct dependency(s):
• org.springframework.boot:spring-boot-starter-web:2.0.4.RELEASE
    └─ org.springframework.boot:spring-boot-starter-tomcat:2.0.4.RELEASE
        └─ org.apache.tomcat.embed:tomcat-embed-core:8.5.32
This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.
The project could not be analyzed because of build errors. Please review the error messages here. Another build will be scheduled within 24 hours. If the build is successful this issue will be closed, otherwise the error message will be updated.
This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.
Vulnerabilities
DepShield reports that this application's usage of com.fasterxml.jackson.core:jackson-databind:2.9.9 results in the following vulnerability(s):
Occurrences
com.fasterxml.jackson.core:jackson-databind:2.9.9 is a transitive dependency introduced by the following direct dependency(s):
• org.springframework.boot:spring-boot-starter-web:2.1.6.RELEASE
    └─ org.springframework.boot:spring-boot-starter-json:2.1.6.RELEASE
        └─ com.fasterxml.jackson.core:jackson-databind:2.9.9
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.2/jquery.min.js
Path to dependency file: /betterstat-server/src/main/resources/templates/registration.html
Path to vulnerable library: /betterstat-server/src/main/resources/templates/registration.html
Dependency Hierarchy:
Found in HEAD commit: 6c026eb8b67245c860f7cfd3312980b3081c3cbe
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Publish Date: 2019-04-20
URL: CVE-2019-11358
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
Release Date: 2019-04-20
Fix Resolution: 3.4.0
Step up your Open Source Security Game with WhiteSource here
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /betterstat-server/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.9/jackson-databind-2.9.9.jar
Dependency Hierarchy:
Found in HEAD commit: 45637e6bb6b0f97b5e780529f31e29027be6941a
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.
Publish Date: 2019-06-19
URL: CVE-2019-12814
Base Score Metrics:
Type: Change files
Origin: FasterXML/jackson-databind@5f7c69b
Release Date: 2019-06-14
Fix Resolution: Replace or update the following files: SubTypeValidator.java, VERSION
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /betterstat-server/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar
Dependency Hierarchy:
Found in HEAD commit: 6c026eb8b67245c860f7cfd3312980b3081c3cbe
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
Publish Date: 2019-01-02
URL: CVE-2018-19360
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360
Release Date: 2019-01-02
Fix Resolution: 2.9.8
Core Tomcat implementation
Library home page: http://tomcat.apache.org/
Path to dependency file: /betterstat-server/pom.xml
Path to vulnerable library: /root/.m2/repository/org/apache/tomcat/embed/tomcat-embed-core/8.5.32/tomcat-embed-core-8.5.32.jar
Dependency Hierarchy:
Found in HEAD commit: 6c026eb8b67245c860f7cfd3312980b3081c3cbe
The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.
Publish Date: 2019-04-10
URL: CVE-2019-0199
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0199
Release Date: 2019-04-10
Fix Resolution: 8.5.38,9.0.14
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /tmp/ws-scm/betterstat-server/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.9/jackson-databind-2.9.9.jar
Dependency Hierarchy:
Found in HEAD commit: 355ad114e6dc389e93d19a3701967aac1e4a51c5
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.
Publish Date: 2019-10-07
URL: CVE-2019-17267
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17267
Release Date: 2019-10-07
Fix Resolution: 2.9.10
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.2/jquery.min.js
Path to dependency file: /betterstat-server/src/main/resources/templates/registration.html
Path to vulnerable library: /betterstat-server/src/main/resources/templates/registration.html
Dependency Hierarchy:
Found in HEAD commit: 6c026eb8b67245c860f7cfd3312980b3081c3cbe
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Publish Date: 2018-01-18
URL: CVE-2015-9251
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251
Release Date: 2018-01-18
Fix Resolution: jQuery - v3.0.0
The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.
Library home page: http://commons.apache.org/proper/commons-codec/
Path to dependency file: /betterstat-server/pom.xml
Path to vulnerable library: /root/.m2/repository/commons-codec/commons-codec/1.11/commons-codec-1.11.jar
Dependency Hierarchy:
Found in HEAD commit: 6c026eb8b67245c860f7cfd3312980b3081c3cbe
Not all "business" method implementations of public API in Apache Commons Codec 1.x are thread safe, which might disclose the wrong data or allow an attacker to change non-private fields.
Updated 2018-10-07 - an additional review by the WhiteSource research team could not identify a clear security vulnerability.
Publish Date: 2007-10-07
URL: WS-2009-0001
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /betterstat-server/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar
Dependency Hierarchy:
Found in HEAD commit: 6c026eb8b67245c860f7cfd3312980b3081c3cbe
FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.
Publish Date: 2018-01-22
URL: CVE-2018-5968
Base Score Metrics:
Type: Upgrade version
Origin: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5968
Release Date: 2018-01-22
Fix Resolution: 2.8.11.1, 2.9.4
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /betterstat-server/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar
Dependency Hierarchy:
Found in HEAD commit: 6c026eb8b67245c860f7cfd3312980b3081c3cbe
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
Publish Date: 2019-01-02
URL: CVE-2018-14720
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-14720
Release Date: 2019-01-02
Fix Resolution: 2.9.7
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /betterstat-server/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.9/jackson-databind-2.9.9.jar
Dependency Hierarchy:
Found in HEAD commit: 7312eabe2650dc8d2e466d5ae2884273a9048247
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.
Publish Date: 2019-07-30
URL: CVE-2019-14439
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439
Release Date: 2019-07-30
Fix Resolution: 2.9.9.2
Add-on module to support JSR-310 (Java 8 Date & Time API) data types.
Library home page: https://github.com/FasterXML/jackson-modules-java8/jackson-datatype-jsr310
Path to dependency file: /betterstat-server/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/datatype/jackson-datatype-jsr310/2.9.6/jackson-datatype-jsr310-2.9.6.jar
Dependency Hierarchy:
Found in HEAD commit: e3398a9573ec42f089b2b2360f53767809fbb7c0
FasterXML Jackson before version 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in a denial of service (DoS). The attack appears to be exploitable when the victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.
Publish Date: 2018-12-20
URL: CVE-2018-1000873
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000873
Release Date: 2018-12-20
Fix Resolution: 2.9.8
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /tmp/ws-scm/betterstat-server/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.9/jackson-databind-2.9.9.jar
Dependency Hierarchy:
Found in HEAD commit: 13ad453afc5071335c9fb81c7c09ed1014f29428
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.
Publish Date: 2019-09-15
URL: CVE-2019-16335
Type: Upgrade version
Origin: https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x
Release Date: 2019-09-15
Fix Resolution: 2.9.10
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /betterstat-server/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar
Dependency Hierarchy:
Found in HEAD commit: e3398a9573ec42f089b2b2360f53767809fbb7c0
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.
Publish Date: 2019-01-02
URL: CVE-2018-19361
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361
Release Date: 2019-01-02
Fix Resolution: 2.9.8
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /tmp/ws-scm/betterstat-server/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.9/jackson-databind-2.9.9.jar
Dependency Hierarchy:
Found in HEAD commit: 8870d81ea655a8a3b5777eeff228a966cd404b53
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.
Publish Date: 2019-10-07
URL: CVE-2019-17267
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17267
Release Date: 2019-10-07
Fix Resolution: 2.9.10
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /betterstat-server/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.9/jackson-databind-2.9.9.jar
Dependency Hierarchy:
Found in HEAD commit: 7312eabe2650dc8d2e466d5ae2884273a9048247
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used, leading to remote code execution.
Publish Date: 2019-07-29
URL: CVE-2019-14379
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379
Release Date: 2019-07-29
Fix Resolution: 2.9.9.2
Add-on module to support JSR-310 (Java 8 Date & Time API) data types.
Library home page: https://github.com/FasterXML/jackson-modules-java8/jackson-datatype-jsr310
Path to dependency file: /betterstat-server/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/datatype/jackson-datatype-jsr310/2.9.6/jackson-datatype-jsr310-2.9.6.jar
Dependency Hierarchy:
Found in HEAD commit: 6c026eb8b67245c860f7cfd3312980b3081c3cbe
FasterXML Jackson before version 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in a denial of service (DoS). The attack appears to be exploitable when the victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.
Publish Date: 2018-12-20
URL: CVE-2018-1000873
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000873
Release Date: 2018-12-20
Fix Resolution: 2.9.8
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.2/jquery.min.js
Path to dependency file: /betterstat-server/src/main/resources/templates/registration.html
Path to vulnerable library: /betterstat-server/src/main/resources/templates/registration.html
Dependency Hierarchy:
Found in HEAD commit: e3398a9573ec42f089b2b2360f53767809fbb7c0
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Publish Date: 2018-01-18
URL: CVE-2015-9251
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251
Release Date: 2018-01-18
Fix Resolution: jQuery - v3.0.0
spring-security-core
Library home page: http://spring.io/spring-security
Path to dependency file: /betterstat-server/pom.xml
Path to vulnerable library: /root/.m2/repository/org/springframework/security/spring-security-core/5.0.7.RELEASE/spring-security-core-5.0.7.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: e3398a9573ec42f089b2b2360f53767809fbb7c0
Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection.
Publish Date: 2019-04-09
URL: CVE-2019-3795
Base Score Metrics:
Type: Upgrade version
Origin: https://pivotal.io/security/cve-2019-3795
Release Date: 2019-04-08
Fix Resolution: 4.2.12,5.0.12,5.1.5
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /betterstat-server/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar
Dependency Hierarchy:
Found in HEAD commit: 6c026eb8b67245c860f7cfd3312980b3081c3cbe
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
Publish Date: 2019-01-02
URL: CVE-2018-14718
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-14718
Release Date: 2019-01-02
Fix Resolution: 2.9.7
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /betterstat-server/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar
Dependency Hierarchy:
Found in HEAD commit: e3398a9573ec42f089b2b2360f53767809fbb7c0
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.
Publish Date: 2019-01-02
URL: CVE-2018-19362
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362
Release Date: 2019-01-02
Fix Resolution: 2.9.8
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /tmp/ws-scm/betterstat-server/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.9/jackson-databind-2.9.9.jar
Dependency Hierarchy:
Found in HEAD commit: 13ad453afc5071335c9fb81c7c09ed1014f29428
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
Publish Date: 2019-09-15
URL: CVE-2019-14540
Type: Upgrade version
Origin: https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x
Release Date: 2019-09-15
Fix Resolution: 2.9.10
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /betterstat-server/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar
Dependency Hierarchy:
Found in HEAD commit: e3398a9573ec42f089b2b2360f53767809fbb7c0
FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.
Publish Date: 2018-01-22
URL: CVE-2018-5968
Base Score Metrics:
Type: Upgrade version
Origin: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5968
Release Date: 2018-01-22
Fix Resolution: 2.8.11.1, 2.9.4
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /betterstat-server/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar
Dependency Hierarchy:
Found in HEAD commit: 6c026eb8b67245c860f7cfd3312980b3081c3cbe
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.
Publish Date: 2019-05-17
URL: CVE-2019-12086
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086
Release Date: 2019-05-17
Fix Resolution: 2.9.9
Vulnerabilities
DepShield reports that this application's usage of org.springframework.security:spring-security-core:5.0.7.RELEASE results in the following vulnerability(s):
Occurrences
org.springframework.security:spring-security-core:5.0.7.RELEASE is a transitive dependency introduced by the following direct dependency(s):
• org.springframework.boot:spring-boot-starter-security:2.0.4.RELEASE
    └─ org.springframework.security:spring-security-config:5.0.7.RELEASE
        └─ org.springframework.security:spring-security-core:5.0.7.RELEASE
The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.
Library home page: http://commons.apache.org/proper/commons-codec/
Path to dependency file: /betterstat-server/pom.xml
Path to vulnerable library: /root/.m2/repository/commons-codec/commons-codec/1.11/commons-codec-1.11.jar
Dependency Hierarchy:
Found in HEAD commit: e3398a9573ec42f089b2b2360f53767809fbb7c0
Not all "business" method implementations of public API in Apache Commons Codec 1.x are thread safe, which might disclose the wrong data or allow an attacker to change non-private fields.
Updated 2018-10-07 - an additional review by the WhiteSource research team could not identify a clear security vulnerability.
Publish Date: 2007-10-07
URL: WS-2009-0001
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /betterstat-server/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar
Dependency Hierarchy:
Found in HEAD commit: 6c026eb8b67245c860f7cfd3312980b3081c3cbe
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.
Publish Date: 2019-01-02
URL: CVE-2018-19361
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361
Release Date: 2019-01-02
Fix Resolution: 2.9.8
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /tmp/ws-scm/betterstat-server/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.9/jackson-databind-2.9.9.jar
Dependency Hierarchy:
Found in HEAD commit: 2e5dd203e5022f8c31526e99fe0648c43a2ec1b1
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.
Publish Date: 2019-10-01
URL: CVE-2019-16942
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942
Release Date: 2019-10-01
Fix Resolution: 2.10.0.pr1
spring-security-core
Library home page: http://spring.io/spring-security
Path to dependency file: /betterstat-server/pom.xml
Path to vulnerable library: /root/.m2/repository/org/springframework/security/spring-security-core/5.0.7.RELEASE/spring-security-core-5.0.7.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 6c026eb8b67245c860f7cfd3312980b3081c3cbe
Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection.
Publish Date: 2019-04-09
URL: CVE-2019-3795
Base Score Metrics:
Type: Upgrade version
Origin: https://pivotal.io/security/cve-2019-3795
Release Date: 2019-04-08
Fix Resolution: 4.2.12,5.0.12,5.1.5
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /tmp/ws-scm/betterstat-server/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.9/jackson-databind-2.9.9.jar
Dependency Hierarchy:
Found in HEAD commit: c1b50a6fcb8be7a68aa51f4eb1129649c8245204
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.
Publish Date: 2019-10-01
URL: CVE-2019-16943
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /tmp/ws-scm/betterstat-server/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.9/jackson-databind-2.9.9.jar
Dependency Hierarchy:
Found in HEAD commit: 355ad114e6dc389e93d19a3701967aac1e4a51c5
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.
Publish Date: 2019-10-12
URL: CVE-2019-17531
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17531
Release Date: 2019-10-12
Fix Resolution: 2.10
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /betterstat-server/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar
Dependency Hierarchy:
Found in HEAD commit: e3398a9573ec42f089b2b2360f53767809fbb7c0
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.
Publish Date: 2019-05-17
URL: CVE-2019-12086
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086
Release Date: 2019-05-17
Fix Resolution: 2.9.9
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /betterstat-server/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar
Dependency Hierarchy:
Found in HEAD commit: e3398a9573ec42f089b2b2360f53767809fbb7c0
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
Publish Date: 2019-01-02
URL: CVE-2018-14720
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-14720
Release Date: 2019-01-02
Fix Resolution: 2.9.7
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /betterstat-server/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar
Dependency Hierarchy:
Found in HEAD commit: e3398a9573ec42f089b2b2360f53767809fbb7c0
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
Publish Date: 2019-01-02
URL: CVE-2018-14719
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-14719
Release Date: 2019-01-02
Fix Resolution: 2.9.7
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /betterstat-server/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar
Dependency Hierarchy:
Found in HEAD commit: 6c026eb8b67245c860f7cfd3312980b3081c3cbe
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.
Publish Date: 2019-01-02
URL: CVE-2018-14721
Base Score Metrics:
Type: Change files
Origin: FasterXML/jackson-databind@87d29af
Release Date: 2018-08-16
Fix Resolution: Replace or update the following files: VERSION, BeanDeserializerFactory.java
Core Tomcat implementation
Library home page: http://tomcat.apache.org/
Path to dependency file: /betterstat-server/pom.xml
Path to vulnerable library: /root/.m2/repository/org/apache/tomcat/embed/tomcat-embed-core/8.5.32/tomcat-embed-core-8.5.32.jar
Dependency Hierarchy:
Found in HEAD commit: e3398a9573ec42f089b2b2360f53767809fbb7c0
The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.
Publish Date: 2019-04-10
URL: CVE-2019-0199
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0199
Release Date: 2019-04-10
Fix Resolution: 8.5.38,9.0.14
Vulnerabilities
DepShield reports that this application's usage of com.fasterxml.jackson.core:jackson-databind:2.9.6 results in the following vulnerability(s):
Occurrences
com.fasterxml.jackson.core:jackson-databind:2.9.6 is a transitive dependency introduced by the following direct dependency(s):
• com.maxmind.geoip2:geoip2:2.12.0
└─ com.fasterxml.jackson.core:jackson-databind:2.9.6
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /betterstat-server/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar
Dependency Hierarchy:
Found in HEAD commit: e3398a9573ec42f089b2b2360f53767809fbb7c0
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
Publish Date: 2019-01-02
URL: CVE-2018-19360
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360
Release Date: 2019-01-02
Fix Resolution: 2.9.8
Spring Web
Library home page: https://github.com/spring-projects/spring-framework
Path to dependency file: /betterstat-server/pom.xml
Path to vulnerable library: /root/.m2/repository/org/springframework/spring-web/5.0.8.RELEASE/spring-web-5.0.8.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 6c026eb8b67245c860f7cfd3312980b3081c3cbe
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable.
Publish Date: 2018-10-18
URL: CVE-2018-15756
Base Score Metrics:
Type: Upgrade version
Origin: https://pivotal.io/security/cve-2018-15756
Release Date: 2018-10-18
Fix Resolution: 4.3.20,5.0.10,5.1.1
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.2/jquery.min.js
Path to dependency file: /betterstat-server/src/main/resources/templates/registration.html
Path to vulnerable library: /betterstat-server/src/main/resources/templates/registration.html
Dependency Hierarchy:
Found in HEAD commit: e3398a9573ec42f089b2b2360f53767809fbb7c0
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Publish Date: 2019-04-20
URL: CVE-2019-11358
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
Release Date: 2019-04-20
Fix Resolution: 3.4.0
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /tmp/ws-scm/betterstat-server/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.9/jackson-databind-2.9.9.jar
Dependency Hierarchy:
Found in HEAD commit: 2e5dd203e5022f8c31526e99fe0648c43a2ec1b1
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.
Publish Date: 2019-10-01
URL: CVE-2019-16943
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /betterstat-server/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar
Dependency Hierarchy:
Found in HEAD commit: 6c026eb8b67245c860f7cfd3312980b3081c3cbe
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
Publish Date: 2019-01-02
URL: CVE-2018-14719
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-14719
Release Date: 2019-01-02
Fix Resolution: 2.9.7
Spring Web
Library home page: https://github.com/spring-projects/spring-framework
Path to dependency file: /betterstat-server/pom.xml
Path to vulnerable library: /root/.m2/repository/org/springframework/spring-web/5.0.8.RELEASE/spring-web-5.0.8.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: e3398a9573ec42f089b2b2360f53767809fbb7c0
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable.
Publish Date: 2018-10-18
URL: CVE-2018-15756
Base Score Metrics:
Type: Upgrade version
Origin: https://pivotal.io/security/cve-2018-15756
Release Date: 2018-10-18
Fix Resolution: 4.3.20,5.0.10,5.1.1
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /betterstat-server/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.9/jackson-databind-2.9.9.jar
Dependency Hierarchy:
Found in HEAD commit: 09d1964e6e2eefd0670c49f5844861d1b1f38a9b
FasterXML jackson-databind 2.x before 2.9.9 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible.
Publish Date: 2019-06-24
URL: CVE-2019-12384
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /betterstat-server/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar
Dependency Hierarchy:
Found in HEAD commit: 6c026eb8b67245c860f7cfd3312980b3081c3cbe
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.
Publish Date: 2019-01-02
URL: CVE-2018-19362
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362
Release Date: 2019-01-02
Fix Resolution: 2.9.8
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /betterstat-server/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar
Dependency Hierarchy:
Found in HEAD commit: e3398a9573ec42f089b2b2360f53767809fbb7c0
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.
Publish Date: 2019-01-02
URL: CVE-2018-14721
Base Score Metrics:
Type: Change files
Origin: FasterXML/jackson-databind@87d29af
Release Date: 2018-08-16
Fix Resolution: Replace or update the following files: VERSION, BeanDeserializerFactory.java
Core Tomcat implementation
Library home page: http://tomcat.apache.org/
Path to dependency file: /betterstat-server/pom.xml
Path to vulnerable library: /root/.m2/repository/org/apache/tomcat/embed/tomcat-embed-core/8.5.32/tomcat-embed-core-8.5.32.jar
Dependency Hierarchy:
Found in HEAD commit: e3398a9573ec42f089b2b2360f53767809fbb7c0
The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40. By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.
Publish Date: 2019-06-21
URL: CVE-2019-10072
Base Score Metrics:
Type: Upgrade version
Origin: http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.41
Release Date: 2019-06-21
Fix Resolution: 8.5.41,9.0.20
Core Tomcat implementation
Library home page: http://tomcat.apache.org/
Path to dependency file: /betterstat-server/pom.xml
Path to vulnerable library: /root/.m2/repository/org/apache/tomcat/embed/tomcat-embed-core/8.5.32/tomcat-embed-core-8.5.32.jar
Dependency Hierarchy:
Found in HEAD commit: 6c026eb8b67245c860f7cfd3312980b3081c3cbe
The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40. By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.
Publish Date: 2019-06-21
URL: CVE-2019-10072
Base Score Metrics:
Type: Upgrade version
Origin: http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.41
Release Date: 2019-06-21
Fix Resolution: 8.5.41,9.0.20